Age and identity verification system

ABSTRACT

An age and/or identity verification system for reduced-risk devices (RRD) may include a RRD, the RRD initially in an inoperable state, an identity verification server configured to perform identity verification related to an adult consumer, and a computing device. The computing device may receive adult consumer identity information corresponding to the adult consumer from the adult consumer, receive the UID of the RRD, transmit the adult consumer identity information and the UID of the RRD to the identity verification server to perform identity verification of the adult consumer, receive results of the performed identity verification from the identity verification server, receive an encrypted key corresponding to the RRD based on the results of the performed identity verification of the adult consumer, and transmit the encrypted key to the RRD. The RRD may change the state of the RRD to an operable state based on the encrypted key.

BACKGROUND Field

The present disclosure relates to systems, apparatuses, methods, and/ornon-transitory computer readable media related to age and/or identityverification for reduced-risk or reduced-harm devices, such asheat-not-burn aerosol-generating devices, non-heated inhalableaerosol-generating devices, electronic vaping devices (e.g., e-vapingdevices), etc.

Description

In various countries and other locations, the buying, selling,possession, and/or operation of tobacco-related, nicotine-relatedproducts, and/or non-nicotine related products, such as reduced-risk orreduced-harm products, are restricted based on the age of the consumer.Examples of reduced-risk (e.g., reduced-harm products) may includenicotine, or non-nicotine, heat-not-burn aerosol-generating devices,non-heated inhalable aerosol-generating devices, and/or electronicvaping devices (e.g., e-vaping devices), etc. For example, under UnitedStates federal law, only individuals who are twenty-one years of age orolder are legally permitted to buy, possess, and/or consume or attemptto buy, possess, and/or consume tobacco-related and/or nicotine-relatedproducts. However, various states, cities, countries, and otherjurisdictions, may have different minimum age requirements for thepurchase, sales, possession, and/or consumption of tobacco-relatedproducts. Further, retailers, and other businesses that selltobacco-related products to individuals, are legally required to verifythat the purchaser of the tobacco-related product complies with therelevant minimum tobacco-product age regulations prior to the sale ofthe tobacco-related product to the individual.

SUMMARY

At least one embodiment relates to a computing device for verifying anidentity of an adult consumer. In an example embodiment, the computingdevice may include a memory having computer readable instructions storedthereon, and at least one processor configured to execute the computerreadable instructions. The at least one processor may be caused toreceive adult consumer identity information corresponding to the adultconsumer from the adult consumer, receive a unique ID (UID) of areduced-risk device (RRD), transmit the adult consumer identityinformation to an identity verification server to perform identityverification of the adult consumer, receive results of the performedidentity verification from the identity verification server, generate anencrypted key corresponding to the RRD based on the results of theperformed identity verification of the adult consumer and the UID of theRRD, and transmit the encrypted key to the RRD, the encrypted keycausing the RRD to change the state of the RRD based on the encryptedkey.

At least one embodiment relates to a reduced-risk device (RRD) for usewith an identity verification service, the RRD initially in aninoperable state. In an example embodiment, the RRD may include at leastone transceiver configured to communicate with at least one computingdevice, a memory configured to store a private key corresponding to theRRD, and control circuitry configured to receive an encrypted keycorresponding to the RRD from a computing device associated with anadult consumer, the encrypted key generated based on a unique ID (UID)corresponding to the RRD and results of an identity verificationperformed on the adult consumer by an identity verification server,decrypt the encrypted key using the private key, determine whether anidentity of the adult consumer was successfully verified based on thedecrypted key, and change the state of the RRD to an operable statebased on results of the determining whether the identity of the adultconsumer was successfully verified.

At least one embodiment relates to an identity verification system. Inan example embodiment, the identity verification system may include areduced-risk device (RRD) including a unique ID (UID) of the RRD and atleast one transceiver, the RRD initially in an inoperable state, anidentity verification server configured to perform identity verificationrelated to an adult consumer, and a computing device. The computingdevice may be configured to receive adult consumer identity informationcorresponding to the adult consumer from the adult consumer, receive theUID of the RRD, transmit the adult consumer identity information and theUID of the RRD to the identity verification server to perform identityverification of the adult consumer, receive results of the performedidentity verification from the identity verification server, receive anencrypted key corresponding to the RRD based on the results of theperformed identity verification of the adult consumer, the encrypted keygenerated based on the UID of the RRD, and transmit the encrypted key tothe RRD. The RRD may be further configured to change the state of theRRD to an operable state based on the encrypted key.

BRIEF DESCRIPTION OF THE DRAWINGS

The various features and advantages of the non-limiting exampleembodiments herein may become more apparent upon review of the detaileddescription in conjunction with the accompanying drawings. Theaccompanying drawings are merely provided for illustrative purposes andshould not be interpreted to limit the scope of the claims. Theaccompanying drawings are not to be considered as drawn to scale unlessexplicitly noted. For purposes of clarity, various dimensions of thedrawings may have been exaggerated.

FIG. 1 is a schematic view of an example heat-not-burnaerosol-generating device according to at least one example embodiment.

FIG. 2 is a cross-sectional view of an example e-vaping device accordingto at least one example embodiment.

FIG. 3 is a block diagram illustrating various elements of an identityverification system including a reduced-risk device, a personalcomputing device, and an identity verification server according to atleast one example embodiment.

FIG. 4A is a block diagram illustrating various elements of a personalcomputing device for the identity verification system according to atleast one example embodiment.

FIG. 4B is a block diagram illustrating various elements of areduced-risk device for the identity verification system according to atleast one example embodiment.

FIG. 4C is a block diagram illustrating various elements of identityverification server for the identity verification system according to atleast one example embodiment.

FIG. 5 is a flowchart illustrating a method for operating a reduced-riskdevice according to at least one example embodiment.

FIG. 6 is a flowchart illustrating a method for verifying an age and/oridentity of an adult consumer associated with a reduced-risk deviceaccording to at least one example embodiment.

FIG. 7 is a flowchart illustrating a method for unlocking a lockedreduced-risk device based on results of an age and/or identityverification request according to at least one example embodiment.

It should be noted that these figures are intended to illustrate thegeneral characteristics of methods and/or structure utilized in certainexample embodiments and to supplement the written description providedbelow. These drawings are not, however, to scale and may not preciselyreflect the precise structural or performance characteristics of anygiven example embodiment, and should not be interpreted as defining orlimiting the range of values or properties encompassed by exampleembodiments.

DETAILED DESCRIPTION

Some detailed example embodiments are disclosed herein. However,specific structural and functional details disclosed herein are merelyrepresentative for purposes of describing example embodiments. Exampleembodiments may, however, be embodied in many alternate forms and shouldnot be construed as limited to only the example embodiments set forthherein.

Accordingly, while example embodiments are capable of variousmodifications and alternative forms, example embodiments thereof areshown by way of example in the drawings and will herein be described indetail. It should be understood, however, that there is no intent tolimit example embodiments to the particular forms disclosed, but to thecontrary, example embodiments are to cover all modifications,equivalents, and alternatives falling within the scope of exampleembodiments. Like numbers refer to like elements throughout thedescription of the figures.

Various example embodiments relate to systems, apparatuses, methods,and/or non-transitory computer readable media related to age and/oridentity verification for reduced-risk devices (e.g., reduced-harmdevices, etc.). Examples of reduced-risk devices may includeheat-not-burn aerosol-generating devices, non-heated inhalableaerosol-generating devices, electronic vaping devices (e.g., e-vapingdevices), etc. A description of two example embodiments of reduced-riskdevices are provided in connection with FIGS. 1-2 , however the exampleembodiments of reduced-risk devices are not limited thereto, and mayalso include non-heated inhalable aerosol-generating devices, etc.

FIG. 1 is a schematic view of an example heat-not-burnaerosol-generating device according to at least one example embodiment.Referring to FIG. 1 , a heat-not-burn aerosol-generating device 1000 mayinclude a mouthpiece 1015 and a device body 1025, but is not limitedthereto. A power supply 1035 and control circuitry 1045 may be disposedwithin the device body 1025 of the heat-not-burn aerosol-generatingdevice 1000. According to at least one example embodiment, theheat-not-burn aerosol-generating device 1000 may include an I/Ointerface (not shown) and/or a network interface (not shown). The I/Ointerface may be a USB interface (e.g., a USB mini-cable interface), apower cable, etc. The network interface may be a Bluetooth transmitter(e.g., Bluetooth and/or Bluetooth Low Energy (LE), etc.), a NFCtransmitter, a ZigBee transmitter, a WiFi transmitter, a cellularnetwork transmitter, etc. Additionally, the heat-not-burnaerosol-generating device 1000 may also include a puff sensor (notshown) for detecting a puff, for example, by detecting an application ofnegative air pressure on the mouthpiece 1015, etc. In response to thedetection of the puff and/or application of negative air pressure by thepuff sensor, the control circuitry 1045 may be configured to control thesupply of electric current to one or more heaters of the heat-not-burnaerosol-generating device 1000, etc.

The heat-not-burn aerosol-generating device 1000 is configured toreceive a capsule 1080. The capsule 1080 is removable. According to atleast some example embodiments, the capsule 1080 may include anaerosol-forming substrate (e.g., a pre-dispersion formulation, etc.)sandwiched in between first and second heaters. According to at leastsome example embodiments, the first and second heaters may be planar andmay be formed of a material that heats up when an electric current isapplied thereto. The heat-not-burn aerosol-generating device 1000 mayalso include a first electrode 1055 a, a second electrode 1055 b, athird electrode 1055 c, and a fourth electrode 1055 d configured toelectrically contact the capsule 1080, but is not limited thereto.According to at least some example embodiments, the first electrode 1055a and the third electrode 1055 c may electrically contact the firstheater, while the second electrode 1055 b and the fourth electrode 1055d may electrically contact the second heater. However, in non-limitingembodiments involving a capsule with only one heater, it should beunderstood that the first electrode 1055 a and the third electrode 1055c (or the second electrode 1055 b and the fourth electrode 1055 d) maybe omitted.

As used herein, the term “aerosol-forming substrate” refers to amaterial (or combination of materials) that may yield an aerosol. Asreferred to herein, an “aerosol” is any matter generated or outputtedfrom any heat-not-burn aerosol-generating device according to any of theexample embodiments disclosed herein. The material is in a solid formand is a predominant source of a compound (e.g., nicotine, acannabinoid, etc.), wherein an aerosol including the compound isproduced when the material is heated. The heating may be below thecombustion temperature so as to produce an aerosol without involving asubstantial pyrolysis of the aerosol-forming substrate or thesubstantial generation of combustion byproducts (if any). Thus,according to at least some example embodiments, pyrolysis does not occurduring the heating and resulting production of aerosol. In otherinstances, there may be some pyrolysis and combustion byproducts, butthe extent may be considered relatively minor and/or merely incidental.For example, once a heat-not-burn aerosol-generating device heats anaerosol-forming substrate to an aerosolization temperature, theaerosol-forming substrate may yield an aerosol. As used herein, the“aerosolization temperature” of an aerosol-forming substrate is thetemperature at which the aerosol-forming substrate yields an aerosol,and is below the combustion temperature of the aerosol-formingsubstrate.

The aerosol-forming substrate may be a fibrous material. For instance,the fibrous material may be a botanical material. The fibrous materialis configured to release a compound when heated. The compound may be anaturally occurring constituent of the fibrous material. For instance,the fibrous material may be plant material such as tobacco, and thecompound released may be nicotine. The term “tobacco” includes anytobacco plant material including tobacco leaf, tobacco plug,reconstituted tobacco, compressed tobacco, shaped tobacco, or powdertobacco, and combinations thereof from one or more species of tobaccoplants, such as Nicotiana rustica and Nicotiana tabacum.

FIG. 2 is a cross-sectional view of an example e-vaping device accordingto at least one example embodiment.

In at least one example embodiment, as shown in FIG. 2 , an electronicvaping device (e-vaping device) 2000 may include a replaceable cartridge(or first section) 2070, and a reusable battery section (or secondsection) 2072, which may be coupled together at a threaded connector2205. The first section 2070 (e.g., a dispersion generating article, acartridge, a pod assembly, a pod, a capsule, etc.) may include a housing2006 and the second section 2072 may include a second housing 2006′. Thee-vaping device 2000 includes a mouth-end insert 2008. The first section2070 may include a reservoir 2345 configured to contain anaerosol-forming substrate (e.g., a pre-dispersion formulation, etc.),such as a pre-vapor formulation, dry herbs, essential oils, etc., and atleast one heater 2014 that may vaporize the aerosol-forming substrate,which may be drawn from the reservoir 2345 by a wick 2028.

In at least one example embodiment, the pre-vapor formulation is amaterial or combination of materials that may be transformed into avapor. For example, the pre-vapor formulation may be a liquid, solidand/or gel formulation including, but not limited to, water, beads,solvents, active ingredients, ethanol, plant extracts, natural orartificial flavors, and/or vapor formers such as glycerin and propyleneglycol. The pre-vapor formulation may include a nicotine compound or anon-nicotine compound.

In some example embodiments, the active ingredient(s) may be a nicotinecompound or a non-nicotine compound. The nicotine compound may includetobacco, or may be a compound derived from tobacco, whereas thenon-nicotine compound does not include tobacco, nor is the non-nicotinecompound derived from tobacco. In at least one example embodiment, thenon-nicotine compound is cannabis, or includes at least onecannabis-derived constituent. In at least one example embodiment, acannabis-derived constituent includes at least one of a cannabis-derivedcannabinoid (e.g., a phytocannabinoid, or a cannabinoid synthesized by acannabis plant), at least one cannabis-derive terpene, at least onecannabis-derived flavonoid, or combinations thereof.

In at least one example embodiment, the pre-vapor formulation (eitherthe nicotine or non-nicotine versions) includes at least one flavorant.In at least one example embodiment, the at least one flavorant may be atleast one of a natural flavorant, an artificial flavorant, or acombination of a natural flavorant and an artificial flavorant. Forinstance, the at least one flavorant may include menthol, wintergreen,peppermint, cinnamon, clove, combinations thereof, and/or extractsthereof. In addition, flavorants may be included to provide herbflavors, fruit flavors, nut flavors, liquor flavors, roasted flavors,minty flavors, savory flavors, combinations thereof, and any otherdesired flavors.

In at least one example embodiment, the non-nicotine pre-vaporformulation at least one flavorant includes volatile cannabis flavorcompounds (flavonoids). In at least one example embodiment, the at leastone flavorant of the non-nicotine pre-vapor formulation includes flavorcompounds instead of, or in addition to, the cannabis flavor compounds.

In at least one example embodiment, the non-nicotine compound may be amedicinal plant, or a naturally occurring constituent of the plant thathas a medically-accepted therapeutic effect. The medicinal plant may bea cannabis plant, and the constituent may be at least onecannabis-derived constituent. Cannabinoids (phytocannabinoids) are anexample of a cannabis-derived constituent, and cannabinoids interactwith receptors in the body to produce a wide range of effects. As aresult, cannabinoids have been used for a variety of medicinal purposes.Cannabis-derived materials may include the leaf and/or flower materialfrom one or more species of cannabis plants, or extracts from the one ormore species of cannabis plants. In at least one example embodiment, theone or more species of cannabis plants includes Cannabis sativa,Cannabis indica, and Cannabis ruderalis. In some example embodiments,the non-nicotine pre-vapor formulation includes a mixture of cannabisand/or cannabis-derived constituents that are, or are derived from,60-80% (e.g., 70%) Cannabis sativa and 20-40% (e.g., 30%) Cannabisindica.

Examples of cannabis-derived cannabinoids include tetrahydrocannabinolicacid (THCA), tetrahydrocannabinol (THC), cannabidiolic acid (CBDA),cannabidiol (CBD), cannabinol (CBN), cannabicyclol (CBL),cannabichromene (CBC), and cannabigerol (CBG). Tetrahydrocannabinolicacid (THCA) is a precursor of tetrahydrocannabinol (THC), whilecannabidiolic acid (CBDA) is precursor of cannabidiol (CBD).Tetrahydrocannabinolic acid (THCA) and cannabidiolic acid (CBDA) may beconverted to tetrahydrocannabinol (TI-IC) and cannabidiol (CBD),respectively, via heating. In at least one example embodiment, heat fromthe heater 60 may cause decarboxylation to converttetrahydrocannabinolic acid (THCA) in the non-nicotine pre-vaporformulation to tetrahydrocannabinol (THC), and/or to convertcannabidiolic acid (CBDA) in the non-nicotine pre-vapor formulation tocannabidiol (CBD).

In instances where both tetrahydrocannabinolic acid (THCA) andtetrahydrocannabinol (THC) are present in the non-nicotine pre-vaporformulation, the decarboxylation and resulting conversion will cause adecrease in tetrahydrocannabinolic acid (THCA) and an increase intetrahydrocannabinol (THC). At least 50% (e.g., at least 87%) of thetetrahydrocannabinolic acid (THCA) may be converted totetrahydrocannabinol (THC), via the decarboxylation process, during theheating of the non-nicotine pre-vapor formulation for purposes ofvaporization. Similarly, in instances where both cannabidiolic acid(CBDA) and cannabidiol (CBD) are present in the non-nicotine pre-vaporformulation, the decarboxylation and resulting conversion will cause adecrease in cannabidiolic acid (CBDA) and an increase cannabidiol (CBD).At least 50% (e.g., at least 87%) of the cannabidiolic acid (CBDA) maybe converted to cannabidiol (CBD), via the decarboxylation process,during the heating of the non-nicotine pre-vapor formulation forpurposes of vaporization.

Referring again to FIG. 2 , during vaping, pre-vapor formulation, or thelike, may be transferred from the reservoir 2345 to the proximity of theheater 2014 via capillary action of the wick 2028. The wick 2028 mayinclude at least a first end portion and a second end portion, which mayextend into opposite sides of the reservoir 2345. The heater 2014 may atleast partially surround a central portion of the wick 2028 such thatwhen the heater 2014 is activated, the pre-vapor formulation (or thelike) in the central portion of the wick 2028 may be vaporized by theheater 2014 to form a vapor.

In at least one example embodiment, the heater 2014 may include a wirecoil which at least partially surrounds the wick 2028. The wire may be ametal wire and/or the heater coil may extend fully or partially alongthe length of the wick 2028. The heater coil may further extend fully orpartially around the circumference of the wick 2028. In some exampleembodiments, the heater coil 2014 may or may not be in contact with thewick 2028.

In at least one example embodiment, the heater 2014 may heat pre-vaporformulation (or the like) in the wick 2028 by thermal conduction.Alternatively, heat from the heater 2014 may be conducted to thepre-vapor formulation (or the like) by means of a heat conductiveelement or the heater 2014 may transfer heat to the incoming ambient airthat is drawn through the e-vaping device 2000 during vaping, which inturn heats the pre-vapor formulation (or the like) by convection.

It should be appreciated that, instead of using a wick 2028, the heater2014 may include a porous material which incorporates a resistanceheater formed of a material having an electrical resistance capable ofgenerating heat quickly.

In at least one example embodiment, as shown in FIG. 2 , the secondsection 2072 of the e-vaping device 2000 may include a puff sensor 2016(e.g., a pressure sensor, a flow sensor, etc.) responsive to air drawninto the second section 2072 via an air inlet port 2044 a adjacent afree end or tip of the e-vaping device 2000. The second section 2072 mayalso include a power supply 2001.

Additionally, the second section 2072 of the e-vaping device 2000 mayinclude control circuitry 2045 and a battery monitoring unit (BMU) (notshown). In some example embodiments, the second section 2072 may alsoinclude an external device input/output interface (not shown) and/or anetwork interface (not shown). The I/O interface may be a USB interface(e.g., a USB mini-cable interface), a power cable, etc. The networkinterface may be a Bluetooth transmitter (e.g., Bluetooth and/orBluetooth Low Energy (LE), etc.), a NFC transmitter, a ZigBeetransmitter, a WiFi transmitter, a cellular network transmitter, etc.

The control circuitry 2045 includes a microprocessor, a non-transitorycomputer-readable storage medium, a heater control circuitry, and/or acharge control circuitry, etc., and may be connected to the puff sensor2016.

The control circuitry 2045 performs features of the second section 2072,as well as the entire e-vaping device 2000, such as controlling theheater, interfacing with an external charger and monitoring the pressurewithin the e-vaping device 2000 to determine whether negative airpressure has been applied. Moreover, the control circuitry 2045 maydetermine whether a positive pressure has been applied for a thresholdtime. In such an instance, the control circuitry 2045 may place thee-vaping device 2000 in a disabled and/or hibernation mode (reducedpower consumption and/or preventing activation).

The control circuitry 2045 may be processing and/or control circuitry,hardware executing software, or any combination thereof. When thecontrol circuitry 2045 is hardware, such existing hardware may includeone or more Central Processing Units (CPUs), one or moremicrocontrollers, one or more arithmetic logic units (ALUs), digitalsignal processors (DSPs), application-specific-integrated-circuits(ASICs), field programmable gate arrays (FPGAs), one or moreSystem-on-Chips (SoCs), one or more programmable logic units (PLUs), oneor more microprocessors, computers, or any other device or devicescapable of responding to and executing instructions in a defined manner,configured as special purpose machines to perform the functions of thecontrol circuitry 2045.

In the event where the control circuitry 2045 is at least one processorexecuting software (e.g., computer readable instructions), the controlcircuitry 2045 is configured as a special purpose machine to execute thesoftware, stored in the non-transitory computer-readable storage medium,to perform the functions of the control circuitry 2045.

Upon completing the connection between the first section 2070 and thesecond section 2072, the power supply 2001 may be electricallyconnectable with the heater 2014 of the first section 2070 uponactuation of the puff sensor 2016. Air is drawn primarily into the firstsection 2070 through one or more air inlets 2044, which may be locatedalong the housing or at the connector 2205.

The power supply 2001 may include a battery arranged in the e-vapingdevice 2000. The power supply 2001 may be a Lithium-ion battery or oneof its variants, for example a Lithium-ion polymer battery.Alternatively, the power supply 2001 may be a nickel-metal hydridebattery, a nickel cadmium battery, a lithium-manganese battery, alithium-cobalt battery or a fuel cell, etc.

In at least one example embodiment, the power supply 2001 may berechargeable and may include circuitry configured to allow the batteryto be chargeable by an external charging device. To recharge thee-vaping device 2000, an USB mini-charger or other suitable chargerassembly may be used in connection with a charging interface (notshown).

In at least one example embodiment, the first section 2070 may bereplaceable. In other words, once the pre-vapor formulation, or othercontents, of the cartridge is depleted, only the first section 2070 maybe replaced. An alternate arrangement may include an example embodimentwhere the entire e-vaping device 2000 may be disposed once the reservoir2345 is depleted. Additionally, according to at least one exampleembodiment, the first section 2070 may also be configured so that thecontents of the cartridge may be re-fillable.

While FIGS. 1 to 2 depict example embodiments of reduced-risk orreduced-harm devices, the example embodiments are not limited thereto,and may include additional and/or alternative reduced-risk orreduced-harm devices, such as non-heated inhalable devices, ornon-nicotine versions of the reduced-risk or reduced-harm devices, etc.Further, the hardware configurations for the reduced-risk device are notlimited to any single embodiment, and other hardware configurations thatmay be suitable for the purposes demonstrated may be used as well. Forexample, the reduced-risk device may include a plurality of additionalor alternative elements and/or additional or alternative functions, suchas additional elements and/or functions discussed in connection withFIGS. 3 to 4B, etc., as well as additional or alternative heatingelements, reservoirs, batteries, etc. Additionally, while FIGS. 1 to 2depict the example embodiment of the reduced-risk devices as beingembodied in two separate housing elements, additional exampleembodiments may be directed towards reduced-risk devices arranged in asingle housing, and/or in more than two housing elements.

For example, the non-nicotine versions of the reduced-risk orreduced-harm device may generate a dispersion (e.g., an aerosol, avapor, etc.) from a non-nicotine pre-dispersion formulation (e.g., anaerosol-generating substrate, a pre-vapor formulation, etc.) including anon-nicotine compound. In an example embodiment, the non-nicotinepre-dispersion formulation neither includes tobacco nor is derived fromtobacco. A non-nicotine compound of the non-nicotine pre-vaporformulation may be part of, or included in a liquid or a partial-liquidthat includes an extract, an oil, an alcohol, a tincture, a suspension,a dispersion, a colloid, a general non-neutral (slightly acidic orslightly basic) solution, or combinations thereof. During thepreparation of the non-nicotine pre-dispersion formulation, thenon-nicotine compound may be infused into, comingled, or otherwisecombined with the other ingredients of the non-nicotine pre-dispersionformulation.

FIG. 3 is a block diagram illustrating various elements of an identityverification system including a reduced-risk (and/or reduced-harm)device, a personal computing device, and an identity verification serveraccording to at least one example embodiment.

Referring to FIG. 3 , according to at least one example embodiment, anidentity verification system may include at least one reduced-riskdevice 310 (e.g., a heat-not-burn aerosol generating device, anon-heated inhalable device, an e-vaping device, etc.), at least onepersonal computing device 320 associated with one or more adultconsumers, and/or an identity verification server 330, etc., but theexample embodiments are not limited thereto and there may be a greateror lesser number of each individual element in the system and/or otheradditional elements included in the identity verification systemaccording to other example embodiments. According to some exampleembodiments, the reduced-risk device 310 may be a nicotine reduced-riskdevice or a non-nicotine reduced-risk device, etc. Additionally, in someexample embodiments, the identity verification system may also include athird-party identity verification service 340 and/or a point-of-sale(POS) terminal 350, a wireless beacon transmitter 360, etc.

According to some example embodiments, the personal computing device 320may be a smartphone, a mobile phone, a tablet, a laptop, a personalcomputer (PC), a personal digital assistant (PDA), a wearable device, avirtual reality (VR) and/or augmented reality (AR) device, anInternet-of-Things (IoT) device, a voice assistant device, etc., but theexample embodiments are not limited thereto. The personal computingdevice 320 may be associated with an adult consumer who intends tooperate the reduced-risk device 310 and/or operate the reduced-riskdevice 310 in conjunction with a new and/or replacement element of thereduced-risk device 310 (not shown). Examples of the new and/orreplacement element include a new and/or replacement dispersiongenerating article (e.g., a cartridge, a capsule, a heat-stick, etc.)for the reduced-risk device 310, power supply section for thereduced-risk device 310, etc.

The personal computing device 320 may operate an identity verificationsoftware application (e.g., an identity verification app, a reduced-riskdevice application, etc.) to receive information related to thereduced-risk device 310 and/or the element(s) of the reduced-riskdevice, input identity verification information related to the identityof the adult consumer, receive identity verification results from theidentity verification server 330, and/or transmit an encrypted key tothe reduced-risk device 310 to enable the operation of the reduced-riskdevice 310 and/or individual elements of the reduced-risk device, butthe example embodiments are not limited thereto. According to someexample embodiments, the personal computing device 320 may manuallyand/or automatically lock an unlocked the reduced-risk device 310 basedon input received from the adult consumer through the identityverification software application (e.g., app) installed on the personalcomputing device 320 and/or a disconnection of a communication sessionbetween the reduced-risk device 310 and the personal computing device320.

Additionally, the personal computing device 320 may be a device that isoperated by the retailer and/or business to facilitate the verificationof an adult consumer during the purchasing of the reduced-risk deviceand/or elements of the reduced-risk device. For example, the retailerand/or business may use a POS terminal 350, an age/identity verificationkiosk (e.g., stand-alone kiosk), and/or other dedicated device to verifythe identity of the adult consumer and/or to enable the operation of thereduced-risk device 310 and/or elements of the reduced-risk device, etc.

The reduced-risk device 310 and/or the element(s) of the reduced-riskdevice 310 may initially be in a “locked” state (e.g., age/identity lockstate may be engaged, disabled state, etc.) which renders thereduced-risk device 310 and/or the reduced-risk device elements in aninoperable state until the reduced-risk device 310 and/or reduced-riskdevice elements enter into an “unlocked” state (e.g., the age/identitylock state may be disengaged, in an enabled state, etc.). For example,prior to the legal sale of the reduced-risk device 310 from a retailerand/or business, the reduced-risk device 310 may be in an initial lockedor disabled state, wherein the control circuitry (e.g., a controller, aprocessor, etc.) of the reduced-risk device 310 may disable thegeneration of vapor using the reduced-risk device 310 and/or may disablethe operation of the power supply of the reduced-risk device 310, etc.,by setting a locked state flag (e.g., a locked state setting, anage/identity verification lock setting, disable setting, etc.) in thelock control routine 523 of the memory 520.

The reduced-risk device 310 and/or reduced-risk device elements may beplaced in the locked or disabled state at the time of manufacture (e.g.,have the age/identity lock flag set in the memory), but the exampleembodiments are not limited thereto. For example, the reduced-riskdevice 310 may be temporarily unlocked or enabled through a successfulage and/or identity verification of the adult consumer, and after adesired period of time (or other criterion) has occurred, thereduced-risk device 310 may re-enter the locked or disabled state (e.g.,have the age/identity lock flag set).

Additionally, upon the detection of negative air pressure (e.g., a puff)on the mouthpiece of the reduced-risk device 310 by the puff sensor 595,the control circuitry 510 of the reduced-risk device 310 may determinewhether the reduced-risk device 310 is in the “locked” state (e.g.,determine whether the age/identity locked state flag, setting, etc., hasbeen set) in order to determine whether to enable the operation of theheater 540 in response to the detected negative air pressure. If thereduced-risk device is in the locked state (e.g., the lock flag is set),the control circuitry 510 does not allow (e.g., prevents, prohibits,disables, etc.) the powering of the heater 540 by the power supply 530.If the lock flag is not set, the control circuitry 510 allows (e.g.,enables, permits, etc.) the powering of the heater 540 by the powersupply 530.

The reduced-risk device 310 and/or the elements of the reduced-riskdevice may include a unique identifier (UID) on the reduced-risk device310 and/or on the individual element(s) of the reduced-risk device thatuniquely identifies the item. For example, the UID of the reduced-riskdevice 310 may be used during the identity verification process of theindividual purchasing the reduced-risk device 310, and the UID may alsobe used to associate the reduced-risk device 310 with an account of theindividual on a database for verification purposes, such as theverification history of a particular reduced-risk device and/orelement(s) of a reduced-risk device (collectively referred to as thereduced-risk device hereinafter). A personal UID corresponding to theadult consumer may be associated with the individual's account as well.

The personal computing device 320 may be used to capture and/or receivethe UID of the reduced-risk device 310 and/or the UID of the individualelement(s) of the reduced-risk device. For example, a camera included inthe personal computing device 320 may be used to capture an image of theUID of the reduced-risk device 310, a sensor (e.g., a RFID sensor, anNFC sensor, an IR reader, etc.) included in the personal computingdevice 320 may be used to sense/detect/read the UID of the reduced-riskdevice 310, and/or the individual operating the personal computingdevice 320 may manually input the UID of the reduced-risk device 310into verification software operating on the personal computing device320. Additionally, according to some example embodiments, the personalcomputing device 320 may establish a wired and/or wireless communicationconnection (e.g., communication via a USB connection, WiFi connection,Bluetooth connection, NFC connection, etc.) with the reduced-risk device310, and may receive the UID of the reduced-risk device 310 and/or theUID of the element(s) of the reduced-risk device via the communicationconnection, etc.

Further, once a connection has been established between the personalcomputing device 320 and the reduced-risk device 310, the personalcomputing device 320 may store location information related to thepersonal computing device 320 and/or the reduced-risk device 310 at thetime of the connection establishment and/or at the time when theconnection is disconnected. The location information may be obtainedfrom the GPS sensor 590 (and/or other location sensor) included in thereduced-risk device 310, the GPS sensor 460 (and/or other locationsensor) included in the personal computing device 320, and/or may bedetermined based on other information associated with the reduced-riskdevice 310 and/or the personal computing device 320, such as locationinformation lookup based on the IP address of the personal computingdevice 320, WiFi fingerprint analysis of the WiFi signals detected bythe personal computing device 320, cellular triangulation of thepersonal computing device 320, etc. Once the location information hasbeen obtained, the location information may be stored in the RRD profileinformation 425 of the memory 420 of the personal computing device 320.Moreover, the location information of the reduced-risk device 310 and/orthe personal computing device 320 may be periodically refreshed usingthe GPS sensor 590, the GPS sensor 460, etc., while the reduced-riskdevice 310 is connected to the personal computing device 320.Additionally, according to some example embodiments, the locationinformation may be transmitted to the identity verification server 330and stored in association with the adult consumer's profile in theverification information database 623. The location information may beused to determine the last known location of the reduced-risk device 310in the event that the adult consumer loses and/or misplaces thereduced-risk device 310, etc.

In addition, the adult consumer may use the reduced-risk device softwareto enable a “find-my-device”-type feature, wherein an adult consumer mayuse the reduced-risk device software to determine the last knownlocation of a reduced-risk device. According to at least one exampleembodiment, the adult consumer may operate the reduced-risk devicesoftware (e.g., press a GUI button to initiate the “find-my-device”feature, etc.) to transmit a find-my-device instruction (e.g., amessage, an indication, etc.) to the reduced-risk device 310 over awireless connection (e.g., Bluetooth connection, NFC connection, WiFiconnection, etc.) and/or a wired connection. If the reduced-risk device310 is connected to the personal computing device 320 via the wirelessconnection and/or wired connection, the reduced-risk device 310 mayreceive the transmitted find-my-device instruction. Additionally, thereduced-risk device 310 may transmit an acknowledgement message inresponse to the transmitted find-my-device instruction, thereby allowingthe personal computing device 320 to initiate a timer, a countdown,etc., and/or display a timer, a countdown, etc., on the GUI of thereduced-risk device software to indicate the length of time that thefind-my-device operation has been in effect (and/or the time remainingin the desired time period for the find-my-device operation). If thetimer expires prior to the adult consumer locating the reduced-riskdevice 310, the adult consumer may re-initiate the find-my-deviceoperation using the GUI of the reduced-risk device software.

Upon receiving the find-my-device instruction, if the reduced-riskdevice 310 is in a low-power mode (and/or a sleep mode, an off state,etc.), the reduced-risk device 310 will enter a normal-power mode(and/or an on mode, a performance mode, a wake state, etc.) in responseto the received find-my-device instruction. In the event that thereduced-risk device 310 is already in the normal-power mode or thereduced-risk device 310 has entered the normal-power mode in response tothe received find-my-device instruction, the reduced-risk device 310will display and/or emit at least one responsive indication in responseto the received find-my-device instruction. For example, the responsiveindication may be the flashing of a LED light(s) on the reduced-riskdevice 310, the display of a message on the reduced-risk device 310,emitting a sound through a speaker of the reduced-risk device 310, ahaptic feedback (e.g., vibration, etc.) produced by the reduced-riskdevice 310, etc., in order to draw the adult consumer's attention to thecurrent location of the reduced-risk device 310. However, the exampleembodiments are not limited thereto, and the responsive indication maybe any equivalent indication performable by the reduced-risk device 310.

According to some example embodiments, the responsive indication may beproduced at levels that increase the likelihood that the adult consumerwill find the reduced-risk device 310, such as displaying the LED lightsat maximum brightness, emitting a sound on the speaker at maximumvolume, and/or producing a haptic feedback at a maximum vibration level,etc. Further, the responsive indication may be a combination ofindications (e.g., a flashing LED light and an emitted sound, etc.)and/or may be produced based on a desired pattern (e.g., light pattern,sound pattern, and/or haptic feedback pattern, etc.), and additionally,the responsive indication may be performed in a loop for a desirednumber of sequences and/or a desired time period, etc. The reduced-riskdevice 310 may produce the responsive indication for a desired period oftime (e.g., 750 ms, etc.) before returning to its previous state (e.g.,the state the reduced-risk device 310 was in prior to receiving theindication from the personal computing device 320).

Once the adult consumer locates the reduced-risk device 310, the adultconsumer may cancel the production of the responsive indication on thereduced-risk device 310 by operating the reduced-risk device 310, forexample, by engaging an I/O device of the reduced-risk device 310,engaging a UI button on the reduced-risk device 310, engaging the puffsensor of the reduced-risk device 310, etc. The cancellation of theresponsive indication on the reduced-risk device 310 may initiate thetransmission of a cancellation message to the personal computing device320 over the connection that indicates that the adult consumer haslocated the reduced-risk device 310 and/or cancelled the find-my-deviceoperation. The personal computing device 320 may display a statusindication on the GUI of the reduced-risk device software based on thereceived cancellation message.

Additionally, the adult consumer may cancel the “find-my-device”operation using the personal computing device 320 through the GUI of thereduced-risk device software. For example, the GUI of the reduced-riskdevice software may display a UI element that initiates the cancellingof the “find-my-device” operation by causing the personal computingdevice 320 to transmit a cancellation instruction to the reduced-riskdevice 310. Upon receiving the cancellation instruction, thereduced-risk device 310 may cancel (e.g., stop) the production of theresponsive indication and return to the reduced-risk device's previousstate.

According to at least one example embodiment, if the reduced-risk device310 is not connected to the personal computing device 320, the personalcomputing device 320 may display the stored location information (e.g.,last known location information) corresponding to the last location thatthe reduced-risk device 310 connected to the personal computing device320 and/or the last location where the connection between thereduced-risk device 310 and the personal computing device 320 wasterminated on the GUI of the reduced-risk device software, therebyindicating the last known location of the reduced-risk device 310.Additionally, according to some example embodiments, the GUI of thereduced-risk device software may also display a map with a locationindication (e.g., a marker, an avatar associated with the reduced-riskdevice, etc.) corresponding to the last known location information ofthe reduced-risk device 310, as well as the stored location information.Further, the GUI of the reduced-risk device software may also displayadditional information associated with the location information that maybe useful to the adult consumer, such as a mailing address associatedwith the location information, a business name associated with thelocation information, a phone number associated with the locationinformation, photos associated with the location information, etc.Moreover, the GUI of the reduced-risk device software may display thelast known location information, the map view corresponding to the lastknown location information, and/or the additional information associatedwith the location information, etc., even when the reduced-risk device310 and the personal computing device 320 have an established connectionas discussed above.

According to some example embodiments, the adult consumer may alsoinitiate an identity verification request to unlock the reduced-riskdevice 310 from the personal computing device 320 using the reduced-riskdevice software, and may also input the adult consumer's identityverification information into the personal computing device 320 via theGUI of the reduced-risk device software. The personal computing device320 may transmit the identity verification information to the identityverification server 330 to verify the age and/or identity of the adultconsumer, as well as other information related to the identityverification request, such as location information corresponding to thelocation of the personal computing device 320 and/or the reduced-riskdevice 310, etc., date information corresponding to the date of theidentity verification request, time information corresponding to thetime of the identity verification request, etc. The personal computingdevice 320 may communicate with the identity verification server over awired and/or wireless network, such as the Internet, an intranet, a widearea network, a local area network, a personal area network, a cellulardata network, etc., but the example embodiments are not limited thereto.

The identity verification information may be personal informationassociated with the adult consumer identity, such as the adultconsumer's name, date of birth, current address, past addresses, phonenumber, place of birth, social security number, relatives' names, etc.,account information associated with the adult consumer, such as ausername and password, biometric information of the adult consumer, suchas the adult consumer's fingerprint information, retina information,voice information, facial characteristics information, heartbeatinformation, etc., social networking service (SNS) information, instantmessaging service account information, etc., but the example embodimentsare not limited thereto. The identity verification information may alsoinclude other information which may specifically identify the adultconsumer, such as information related to an individual's employmenthistory, educational history, banking history, places that theindividual has lived, names of relatives, etc. However, the exampleembodiments are not limited thereto, and other identity verificationinformation specific to the adult consumer may be used.

Additionally, according to some example embodiments, the identityverification server may transmit to the personal computing device 320identity verification challenge questions which require the adultconsumer to successfully answer questions specific to the adultconsumer's identity. For example, the identity verification challengequestions may include questions related to the adult consumer's mother'smaiden name, place of birth, individual's employment history,educational history, banking history, places that the individual haslived, names of relatives, etc. The identity verification challengequestions may be questions that the adult consumer has previouslycreated and/or submitted answers for, or may be questions and answerscollected by a third party and/or external identity verification service340 based on public records available regarding the adult consumer.Additionally, the identity verification challenge question may be arequirement for the adult consumer to provide biometric information(e.g., fingerprints, facial scan, retina scan, voice identification,etc.) that matches previously provided biometric information of theadult consumer. However, the example embodiments are not limited theretoand the identity verification challenge questions may take otherequivalent forms that provide accurate verification of a person'sidentity.

According to some example embodiments, the identity verification server330 may optionally connect to the third party identity verificationservice 340 over a network, request the identity verification challengequestions and/or answers corresponding to the adult consumer from thethird party identity verification service 340, and transmit the identityverification challenge questions to the personal computing device 320 ofthe adult consumer. Once the adult consumer provides his or her answersto the identity verification challenge questions, the personal computingdevice 320 may transmit the answers to the identity verification server330, and the identity verification server 330 may determine whether theanswers input by the adult consumer are correct based on the answersreceived from the third party identity verification service 340, and/ortransmit the answers input by the adult consumer to the third partyidentity verification service 340 for verification.

Once the answers have been verified by the identity verification server330 and/or the third party identity verification service 340, averification result is transmitted to the personal computing device 320by the identity verification server 330. The personal computing device320 may determine whether the verification result indicates that theadult consumer's identity was properly verified by the identityverification server 330 (and/or the third party verification service340), and the adult consumer is legally allowed to operate thereduced-risk device 310. The personal computing device 320 may generatean encrypted key for unlocking the reduced-risk device 310 (and/or thelocked elements of the reduced-risk device) based on the verificationresults. For example, the encrypted key may be generated based on apublic key (of a public-private key pair) stored on the personalcomputing device 320 (such as a public encryption key associated withthe reduced-risk device 310, a public key associated with the adultconsumer, and/or other public key, etc.), the UID of the reduced-riskdevice 310, the personal UID of the adult consumer, and/or theverification result, etc., however the example embodiments are notlimited thereto and the encrypted key may also be generated based onother information as well.

According to some example embodiments, the identity verification server330 may generate the encrypted key for unlocking the reduced-risk device310 based on the verification result. The identity verification server330 may generate the encrypted key based on a public key stored on theidentity verification server 330 (such as a public key associated withthe reduced-risk device 310, a public key associated with the adultconsumer, and/or other public key, etc.), the UID of the reduced-riskdevice 310, the personal UID of the adult consumer, and/or theverification result, etc., however the example embodiments are notlimited thereto, and the encrypted key may also be generated based onother information as well. For example, the public key may be the UID ofthe reduced-risk device 310, etc. The identity verification server 330may then transmit the encrypted key to the personal computing device320.

Once the personal computing device 320 generates and/or receives theencrypted key, the personal computing device 320 may transmit theencrypted key to the reduced-risk device 310. The reduced-risk device310 may decrypt the encrypted key using a private key corresponding tothe public key used to encrypt the encrypted key. For example, theprivate key may be a key stored on the reduced-risk device 310 thatcorresponds to the UID of the reduced-risk device 310, etc. Thereduced-risk device 310 may then determine whether the adult consumerwas properly verified and/or is legally permitted to operate the lockedreduced-risk device 310 and/or the locked elements of the reduced-riskdevice, based on the verification results included in the encrypted key.If the verification results indicate the adult consumer is properlyverified, the reduced-risk device 310 may unlock the reduced-risk device310 and/or the locked element(s) of the reduced-risk device 310 (e.g.,enable the operation of the reduced-risk device 310, the dispersiongenerating article, the power supply, etc., of the reduced-risk device,etc.). The locked reduced-risk device 310 and/or the locked element(s)of the reduced-risk device may be unlocked for an indeterminate periodof time (e.g., permanently unlocked), may be unlocked for a desiredperiod of time (e.g., temporarily unlocked for 15 minutes, 30 minutes,etc.), and/or may be unlocked while a desired unlock condition issatisfied.

For example, the unlocked state of the reduced-risk device 310 mayfurther be conditioned based on whether the reduced-risk device 310 iswithin a desired distance range of the personal computing device 320.The reduced-risk device 310 may determine whether the reduced-riskdevice 310 is within a desired distance range of the personal computingdevice 320 based on a wireless connection established with the personalcomputing device 320 and/or wireless messages transmitted between thereduced-risk device 310 and the personal computing device 320, and ifthe wireless connection and/or the wireless messages are disconnected,discontinued, stopped, etc., the reduced-risk device 310 may re-lockitself (e.g., block operation of the reduced-risk device) and/or thepreviously unlocked element(s) of the reduced-risk device. As anotherexample, the reduced-risk device 310 and/or element(s) of thereduced-risk device may stay unlocked until a condition related to thereduced-risk device itself expires, such as until the dispersiongenerating article (e.g., cartridge, capsule, heat-stick, etc.)installed on the reduced-risk device is empty and/or replaced, theexpiration of a full power supply charge of the reduced-risk device,etc., however the example embodiments are not limited thereto.

According to some example embodiments, the reduced-risk device 310 mayalso be unlocked using a POS terminal 350 (e.g., kiosk, etc.) installedat the location (e.g., store, etc.) where the reduced-risk device 310and/or element(s) of the reduced-risk device were purchased. Forexample, the POS terminal 350 may be a cash register, a computer, atablet, a computing terminal, and/or a dedicated stand-alone kioskmachine, etc., configured to allow an adult consumer to undergo theidentity verification process with the identity verification server 330,and unlock the reduced-risk device 310, without the use of a personalcomputing device 320. For example, the adult consumer may input theirpersonal information into the POS terminal 350 (e.g., input into a touchscreen, a keyboard and mouse, a microphone, a paper scanner, etc.), andonce the identity verification server 330 verifies the adult consumer'sidentity and/or legal ability to buy and operate the reduced-risk device310, the identity verification server 330 transmits the verificationresults and/or the encrypted key to the POS terminal 350. The POSterminal 350 may transmit the encrypted key to the reduced-risk deviceover a wireless and/or wired communication channel, if the reduced-riskdevice 310 has been removed from its packaging.

Alternatively, the POS terminal 350 may unlock the reduced-risk device310 by emitting pressurized bursts of air of a desired air pressureand/or frequency to the puff sensor of the reduced-risk device 310,which when received by the reduced-risk device 310, causes thereduced-risk device 310 to unlock. Additionally, the POS terminal 350may emit a coded sound through a speaker, which is received by amicrophone of the reduced-risk device 310, and causes the reduced-riskdevice 310 to unlock.

Moreover, upon detection of negative air pressure (e.g., a puff) on themouthpiece of the reduced-risk device 310 by the puff sensor 595, thecontrol circuitry 510 of the reduced-risk device 310 may determinewhether the manual lock flag has been set in order to determine whetherto enable the operation of the heater 540. If the manual lock flag isset (e.g., the reduced-risk device 310 is in the locked state), thecontrol circuitry 510 does not allow (e.g., prohibits, disables, etc.)the powering of the heater 540 by the power supply 530. If the manuallock flag is not set, the control circuitry 510 allows (e.g., enables,permits, etc.) the powering of the heater 540 by the power supply 530.

Further, the adult consumer may operate software installed on thepersonal computing device 320, such as reduced-risk device softwareand/or an app corresponding to the reduced-risk device, etc., whichallows the adult consumer to input a manual lock command (e.g., a tapoperation, a drag operation, a gesture operation, other touch screenoperations, a typed command, etc.) into the graphical user interface(GUI) of the reduced-risk device software. In response to the input ofthe manual lock command into the GUI of the reduced-risk device softwareby the adult consumer, the personal computing device 320 transmits amanual lock instruction to the reduced-risk device 310. Once thereduced-risk device 310 receives the manual lock instruction (e.g.,disable instruction, etc.) from the personal computing device 320, thereduced-risk device 310 sets the manual lock flag (e.g., lock flag,disable flag, manual disable setting, etc.) in the lock control routine523 of the memory 520. Upon detection of negative air pressure (e.g., apuff) on the mouthpiece of the reduced-risk device 310 by the puffsensor 595, the control circuitry 510 of the reduced-risk device 310 maydetermine whether the manual lock flag has been set in order todetermine whether to enable the operation of the heater 540. If themanual lock flag is set (e.g., the reduced-risk device 310 is in thelocked state), the control circuitry 510 does not allow (e.g.,prohibits, disables, etc.) the powering of the heater 540 by the powersupply 530. If the manual lock flag is not set, the control circuitry510 allows (e.g., enables, permits, etc.) the powering of the heater 540by the power supply 530.

Additionally, the manual lock instruction transmitted by the personalcomputing device 320 may also include a UID corresponding to thepersonal computing device 320, such as a unique serial number associatedwith the personal computing device 320 and/or the reduced-risk devicesoftware installed on the personal computing device 320, an IP addressand/or MAC address associated with the personal computing device 320, aUID associated with the adult consumer, a UID associated with thereduced-risk device software installed on the personal computing device,etc., and/or a connection session ID corresponding to the communicationsession established between the personal computing device 320 and thereduced-risk device 310, etc., that may be stored in the lock controlroutine 523. The UID corresponding to the personal computing device 320may be used to determine whether the manual lock should be toggled off(e.g., the locked state of the reduced-risk device changed to theunlocked state) based on the reception of a second manual lockinstruction (and/or a manual unlock instruction, etc.) from the personalcomputing device 320. For example, as a security feature, the personalcomputing device UID included in the first manual lock instruction(e.g., the lock instruction) may be compared with the personal computingdevice UID included in the second manual lock instruction (e.g., theunlock instruction) to determine whether the personal computing deviceUIDs match for the first and second manual lock instructions beforeunlocking the reduced-risk device 310 based on the second manual lockinstruction (e.g., the unlock instruction). By verifying that thepersonal computing device UIDs of the first and second manual lockinstructions match before unlocking a previously manually lockedreduced-risk device, the security of the reduced-risk device may beincreased by decreasing and/or preventing the ability of a person who isnot the adult consumer from using a second personal computing device tounlock the manually locked reduced-risk device.

Moreover, the reduced-risk device 310 may include a “proximity lock”feature (e.g., personal computing device proximity lock feature),wherein a reduced-risk device 310 that is in the unlocked state mayautomatically be placed in the locked state in response to thereduced-risk device 310 becoming disconnected from a paired personalcomputing device 320. For example, if the adult consumer enables theproximity lock setting (e.g., inputs the proximity lock command on theGUI of the reduced-risk device software) on the reduced-risk devicesoftware installed on a personal computing device 320, and the personalcomputing device 320 is paired with the reduced-risk device 310 over awireless and/or wired connection, such as a Bluetooth connection, a NearField Communication (NFC) connection, a WiFi connection, a USBconnection, etc., the reduced-risk device software transmits a proximitylock command (e.g., instruction, message, flag, configuration file,etc.) to the reduced-risk device 310 to transition into a proximity lockstate. The proximity lock instruction may include a UID corresponding tothe personal computing device 320, such as a unique serial numberassociated with the personal computing device 320 and/or thereduced-risk device software installed on the personal computing device320, an IP address and/or MAC address associated with the personalcomputing device 320, a UID associated with the adult consumer, a UIDassociated with the reduced-risk device software installed on thepersonal computing device, a connection session ID corresponding to thecommunication session established between the personal computing device320 and the reduced-risk device 310, etc. When the reduced-risk device310 receives the proximity lock instruction, the reduced-risk device 310is put into a “proximity lock” state (e.g., a proximity lock flag is setin the lock control routine 523 of the memory 520), wherein thereduced-risk device 310 may only be operated by the adult consumer ifthe reduced-risk device 310 connection to the personal computing device320 is maintained.

Accordingly, similar to the manual lock setting, upon detection ofnegative air pressure (e.g., a puff) on the mouthpiece of thereduced-risk device 310 by the puff sensor 595, the control circuitry510 of the reduced-risk device 310 may determine whether the proximitylock flag has been set in order to determine whether to enable theoperation of the heater 540 in response to the detected negative airpressure. If the proximity lock flag is set (e.g., the reduced-riskdevice 310 is in the locked state), the control circuitry 510 determineswhether the reduced-risk device 310 is connected to the same personalcomputing device that set the proximity lock (e.g., the personalcomputing device 320 that transmitted the initial proximity lockinstruction, etc.) based on the personal computing device UIDs includedin the initial proximity lock instruction and the subsequent proximitylock instruction. In response to the personal computing device UIDs notmatching, the control circuitry 510 does not allow (e.g., prohibits,disables, etc.) the powering of the heater 540 by the power supply 530.In response to the personal computing device UIDs matching, the controlcircuitry 510 allows (e.g., enables, permits, etc.) the powering of theheater 540 by the power supply 530.

According to some example embodiments, the identity verification systemmay also include a “beacon proximity lock” feature, wherein areduced-risk device 310 that is in the unlocked state may automaticallybe placed in the locked state in response to the reduced-risk device 310receiving a wireless lock signal from a wireless beacon transmitter 360.The wireless beacon transmitter 360 may be a Bluetooth beacontransmitter, a WiFi beacon transmitter, an NFC transmitter, etc., butthe example embodiments are not limited thereto. The wireless beacontransmitter 360 may be installed in a location and/or vehicle, etc.,that prohibits and/or restricts the operation of reduced-risk device,such as a school, place of worship, a youth facility, a governmentfacility, a designated non-smoking area, an airport, an airplane, atrain, a mass transit vehicle, etc., and may transmit the wireless locksignal to reduced-risk devices within the vicinity of the restrictedlocation. When the reduced-risk device 310 receives the wireless locksignal, the control circuitry 510 of the reduced-risk device 310 placesthe reduced-risk device 310 into a “beacon proximity lock” state (e.g.,a beacon proximity lock flag is set in the lock control routine 523 ofthe memory 520), wherein the reduced-risk device 310 does not permit theoperation of the reduced-risk device 310 until the reduced-risk device310 is out of range of the wireless beacon transmitter 360 (e.g., thereduced-risk device 310 does not receive the wireless lock signal fromthe wireless beacon transmitter 360). The wireless beacon transmitter360 may transmit the wireless lock signal periodically, with thewireless lock signal including information indicating the amount of timethat the reduced-risk device 310 should remain in the locked state priorto the reduced-risk device 310 determining whether an additionalwireless lock signal has been received from the wireless beacontransmitter 360. In other words, if the reduced-risk device 310 receivesa wireless lock signal from the wireless beacon transmitter 360, thereduced-risk device 310 may extract a lockdown period from the wirelesslock signal (e.g., 30 seconds, 5 minutes, 15 minutes, etc.), and start acountdown from the time that the wireless lock signal was receivedbefore the adult consumer may attempt to unlock the reduced-risk device310. If another wireless lock signal is received by the reduced-riskdevice 310 before the lockdown period expires, the lockdown periodresets and the countdown begins again.

Additionally, in accordance with at least one example embodiment, theidentity verification service may evaluate an identity verificationrequest to determine whether the identity verification request issuspicious and/or possibly fraudulent based on the location informationincluded with the identity verification request and information storedin the adult consumer's profile. For example, the previously storedlocation information of the reduced-risk device 310 and/or the personalcomputing device 320 may be included with the identity verificationrequest in order to identify the location of suspicious identityverification activity and/or prohibited reduced-risk device operationbased on the geographic location. Referring again to the identityverification method, the location information of the reduced-risk device310 and/or the personal computing device 320 may be associated with eachidentity verification request and may be transmitted to the identityverification server 330 to determine the location of the adult consumerat the time of the identity verification request. In the event thatsuspicious identity verification activity is detected, such as one ormore consecutive identity verification attempt failures, the totalnumber of identity verification failures exceeding a desired thresholdnumber for a desired time period, identity verification attempts thatare determined to be out of character for the adult consumer based onthe temporal and/or spatial characteristics of the identity verificationattempts (e.g., the identity verification attempt occurs in ageographical location that is not associated with the adult consumer,the identity verification attempt that occurs at a time that is out ofcharacter for the adult consumer, the identity verification attemptoccurs in a geographical location that has been previously identified asa location associated with a higher probability of suspicious,prohibited, and/or false identity verification attempts, such as alocation where only minors are likely to be located (e.g., a school,etc.), or a retail location suspected of illegally selling reduced-riskdevices to minors, etc.), the identity verification attempt occurs usinga personal computing device that is not associated with the adultconsumer (e.g., a previously un-registered personal computing device),etc. Each identity verification request may be analyzed for suspiciousactivity by comparing the characteristics (e.g., time, date, location,success/failure of the request, etc., information) of the identityverification request with the data stored on the identity verificationserver 330 associated with the adult consumer's previous identityverification requests (e.g., historical identity verification data) todetermine whether the identity verification request should be determinedto be suspicious and/or flagged as suspicious. Additionally,characteristics of each identity verification request may be compared togeneral identity verification data, such as locations of known and/orsuspected stores selling reduced-risk devices to minors, known locationsof schools, youth facilities, known locations where reduced-risk deviceactivity is prohibited, etc., to determine whether the identityverification request should be determined to be suspicious and/orflagged as suspicious. However, the example embodiments are not limitedthereto, and other characteristics may be analyzed to detect suspiciousidentity verification activity.

In the event that an identity verification request is determined to besuspicious, a suspicious identity verification activity notification maybe transmitted to a known point of contact previously registered by theadult consumer with the identity verification service, such as atelephone number, email address, mailing address, social networkingservice (SNS) account, an instant messaging service account, thereduced-risk device software installed on the personal computing device320 associated with the adult consumer, etc., for the adult consumercorresponding to the identity verification request regarding thesuspicious identity verification request (e.g., the identity input intothe identity verification request). For example, the contact informationfor the adult consumer may be stored in the profile informationassociated with the adult consumer in the verification informationdatabase 623 of the identity verification server 330, etc. Thesuspicious identity verification notification may include detailsregarding the identity verification request, such as the name of theadult consumer input into the identity verification request, and/or thedate, the time, the location, etc., of the request, etc.

The suspicious identity verification notification may also include arequest for the adult consumer to confirm that the adult consumerinitiated the suspicious identity verification request. For example, thesuspicious identity verification notification may include a URL link forthe adult consumer to engage in order to confirm/deny the suspiciousidentity verification request, may include a telephone number for theadult consumer to call and/or send a reply SMS message to verify thesuspicious identity verification request, may include an instantmessaging account to send a response to regarding the suspiciousidentity verification request, and/or the adult consumer use a messagingfunction of the reduced-risk device software to respond to thesuspicious identity verification request, etc., however the exampleembodiments are not limited thereto.

When the adult consumer responds to the suspicious identity verificationnotification and indicates that the adult consumer initiated theidentity verification request (e.g., the identity verification requestis not fraudulent, etc.), then the identity verification server 330 maychange the designation of the corresponding identity verificationrequest as being not being suspicious in the verification informationdatabase 623, and the identity verification server 330 may transmit theresults of the identity verification to the reduced-risk device 310 asdiscussed above. If the adult consumer responds to the suspiciousidentity verification notification and confirms that the suspiciousidentity verification request was fraudulent (and/or the adult consumerfails to respond to the suspicious identity verification notificationwithin a desired time period), the identity verification server 330transmits the results of the identity verification request to thepersonal computing device 320, the results indicating the identityverification request was confirmed to be suspicious and/or fraudulent,and the personal computing device 320 treats the confirmed suspiciousand/or fraudulent result to be the equivalent of a failed identityverification attempt. Further, the identity verification server 330 mayalso include permanent lock instructions in the results of the identityverification based on the number of failed and/or confirmed suspiciousidentity verification requests received from the adult consumer and/orthe personal computing device 320, the reduced-risk device software ofthe personal computing device 320 causes the reduced-risk device 310and/or the elements of the reduced-risk device to be placed in apermanent lock state (e.g., permanent age/identity lock state), whereinthe reduced-risk device 310 and/or the elements of the reduced-riskdevice 310 may not be unlocked using the identity verification system.

Moreover, if identity verification server 330 determines that the numberof failed and/or confirmed suspicious identity verification requestsreaches a desired threshold number, a notification may also betransmitted to legal authorities with the relevant information regardingthe failed and/or confirmed suspicious identity verification requests,such as information related to the adult consumer identity that was usedfor the identity verification requests, the locations of the identityverification requests, the date/time of the identity verificationrequests, etc., to enable the legal authorities associated with thelocation of the failed and/or confirmed suspicious identity verificationrequests to investigate the failed and/or confirmed suspicious identityverification requests, such as investigating a retail store to determinewhether the retail store is illegally selling reduced-risk devices tominors, etc. Additionally, if the adult consumer indicates that aparticular suspicious identity verification request was suspiciousand/or fraudulent, the adult consumer may select an option in the GUI ofthe reduced-risk device software to forward the relevant informationregarding the confirmed suspicious identity verification request to thelegal authorities as well.

FIG. 4A is a block diagram illustrating various elements of a personalcomputing device for the identity verification system according to atleast one example embodiment.

According to at least one example embodiment, a personal computingdevice, such as the personal computing device 320 of FIG. 3 , mayinclude at least one processor 410, a communication bus 415, and/or amemory 420, etc. The memory 420 may include computer readableinstructions (and/or software code, etc.) corresponding to an operatingsystem (OS) 421 for operating the personal computing device, and specialpurpose computer readable instructions related to the locking/unlockingof the reduced-risk device and/or the identity verification process,such as reduced-risk device (RRD) software 422, an identity/ageverification routine 423, an encryption key generator 424, areduced-risk device (RRD) profile 425, and/or an adult consumer profile426, etc. However, the example embodiments are not limited thereto, andaccording to some example embodiments, one or more of the operatingsystem (OS) 421, the reduced-risk device (RRD) software 422, theidentity/age verification routine 423, the encryption key generator 424,the reduced-risk device (RRD) profile 425, and/or the adult consumerprofile 426 may be combined into one or more routines, for example, theRRD software 422 may include the identity/age verification routine 423,encryption key generator 424, the reduced-risk device (RRD) profile 425,and/or the adult consumer profile 426, etc.

In at least one example embodiment, the processor 410 may be at leastone processor (and/or processor cores, distributed processors, networkedprocessors, etc.), which may be configured to control one or moreelements of the personal computing device 320. The processor 410 isconfigured to execute processes by retrieving program code (e.g.,computer readable instructions) and data from the memory 420 to processthem, thereby executing control and functions of the personal computingdevice 320. Once the program instructions are loaded into the processor410, the processor 410 executes the program instructions, therebytransforming the processor 410 into a special purpose processor. Forexample, once the processor 410 loads the special purpose instructionsrelated to the reduced-risk device (RRD) software 422, the identity/ageverification routine 423, the encryption key generator 424, the RRDprofile 425, and/or the adult consumer profile 426, the processor 410 istransformed into a special purpose processor for executing the routinesof the RRD software 422, the identity/age verification routine 423, theencryption key generator 424, the reduced-risk device RRD profile 425,and/or the adult consumer profile 426, etc.

In at least one example embodiment, the memory 420 may be anon-transitory computer-readable storage medium and may include a randomaccess memory (RAM), a read only memory (ROM), and/or a permanent massstorage device such as a disk drive, a solid state drive, etc. Stored inthe memory 420 are computer readable instructions (e.g., program code)for the reduced-risk device (RRD) software 422, the identity/ageverification routine 423, the encryption key generator 424, thereduced-risk device (RRD) profile 425, and/or the adult consumer profile426, etc. Additionally, the memory 420 may store additional data (notshown) for use with the stored program code, such as sensor information,program setting data, reduced-risk device data, etc. Such softwareelements may be loaded from a non-transitory computer-readable storagemedium independent of the memory 420, using a drive mechanism (notshown) connected to the personal computing device 320 through a networkinterface 430. The network interface 430 may include a wiredcommunication interface for a wired communication protocol, such asEthernet, USB, FireWire, eSATA, ExpressCard, Thunderbolt, etc., and/ormay include a wireless communication interface for a wirelesscommunication protocol, such as WiFi, Bluetooth, Near FieldCommunication (NFC), 3G, 4G LTE, 5G, Zigbee, etc. For example, thenetwork interface may include a Bluetooth transceiver 431, a WiFitransceiver 432, an IR sensor 481, NFC sensor 482, a RFID sensor 483, amagnetic sensor 484, etc.

Additionally, the network interface 430 may enable the processor 410 tocommunicate with and/or transfer data to/from the reduced-risk device310, the identity verification server 330, the third party identityverification service 340, the POS terminal 350, and/or other computingdevices (not shown), such as a server, a personal computer (PC), alaptop, a smartphone, a tablet, a gaming device, etc. Examples of datatransferred between the processor 410 and the reduced-risk device 310may include the identity verification results, the encrypted key,profile data related to one or more adult consumers, software updates tothe reduced-risk device (RRD) software 422, the identity/ageverification routine 423, the encryption key generator 424, thereduced-risk device (RRD) profile 425, and/or the adult consumer profile426, etc.

In at least one example embodiment, the communication bus 415 may enablecommunication and data transmission to be performed between elements ofthe personal computing device 320. The bus 415 may be implemented usinga high-speed serial bus, a parallel bus, and/or any other appropriatecommunication technology.

The personal computing device 320 may also include at least oneinput/output (I/O) interface 440 for connecting to one or more I/Odevices, such as a keyboard (not shown), mouse (not shown), microphone(not shown), speaker (not shown), sensors (e.g., gyroscopes (not shown),accelerometers (not shown), GPS sensor 460, other position and locationsensors (not shown), pressure sensors (not shown), etc.), a camera 450,etc. The I/O devices may be integrated into the personal computingdevice 320, external to the personal computing device 320 and connectedto the personal computing device 320 via a wired and/or wirelessconnection, etc. Additionally, the personal computing device 320 mayalso include at least one display (not shown), such as a monitor, a TV,a touchscreen panel, and/or a projector, etc.

Further, according to some example embodiments, a USB dongle 470 may beconnected to the personal computing device 320, such as a personalcomputer (PC), a laptop, a tablet, etc. The USB dongle 470 may be a“plug-in” type device that enables personal computing devices thatincludes one or more of the Bluetooth transceiver 431, WiFi transceiver432, IR sensor 481, NFC sensor 482, RFID sensor 483, magnetic sensor484, etc., to allow the personal computing device to communicate withthe reduced-risk device 310, particularly if the personal computingdevice does not already include one or more of these sensors.

Additionally, according to some example embodiments, the personalcomputing device 320 may be a POS terminal and/or a special purposedevice located at a retail location, store, place of purchase, etc., toenable an adult consumer and/or retail employee, vendor, etc., to unlockthe reduced-risk device 310 after purchase. According to these exampleembodiments, the personal computing device 320 may include an airpuffing mechanism 490 and/or speaker 492 to emit a specialized code tounlock the reduced-risk device 310 after the adult consumer has verifiedhis or her age and/or identity via the special purpose personalcomputing device 320 located at the retail location. After the adultconsumer undergoes the age and/or identity verification process usingthe personal computing device 320, the personal computing device 320receives the results of the verification and/or the encrypted key fromthe identity verification server 330. If the personal computing device320 receives the verification results from the identity verificationserver 330, then the personal computing device 320 generates anencrypted key based on the verification results. The personal computingdevice 320 also specially encodes the encrypted key using the airpuffing mechanism 490 and/or the speaker 492 to transmit the encryptedkey to the reduced-risk device 310. For example, if the personalcomputing device 320 uses the air puffing mechanism 490, the encryptedkey will be converted (e.g., translated, transformed, etc.) into specialair puff “patterns” to be generated by the air puffing mechanism 490,which when detected by the puff sensor of the reduced-risk device 310,will be translated into data by the reduced-risk device 310, etc. If thepersonal computing device 320 uses the speaker 492 to transmit theencrypted key to the reduced-risk device 310, the encrypted key isconverted into encoded sound waves that are detected by the microphoneof the reduced-risk device 310, and the reduced-risk device 310translates the encoded sounds into data, etc.

FIG. 4B is a block diagram illustrating various elements of areduced-risk device for the identity verification system according to atleast one example embodiment.

According to at least one example embodiment, a reduced-risk device,such as the reduced-risk device 310, etc., may include control circuitry510, a memory 520, a bus 515, a power supply 530, a heater 540, adispersion generating article 550, a charging interface for the powersupply 560, an input/output (I/O) interface 570, a network interface580, a GPS sensor 590, a puff sensor 595, and/or a biometric sensor 596,etc. However the example embodiments are not limited thereto, and thereduced-risk device may include a greater or lesser number ofconstituent elements.

Additionally, the reduced-risk device may also include one or morereduced-risk device UID tags, such as a RFID tag 581, a WiFi tag 582, aninfra-red (IR) tag 583, a NFC tag 584, a Bluetooth tag 585, a barcode586, a QR code 587, a magnetic tag 588, etc. According to at least oneexample embodiment, the reduced-risk device UID tags may include (e.g.,store, have programmed, have embedded, and/or have information printedon them, etc.) unique identifying information (e.g., UID, etc.)corresponding to the reduced-risk device itself, and/or to individualelements of the reduced-risk device, such as the power supply 530, theheater 540, the dispersion generating article 550, the charginginterface 560, the I/O interface 570, the network interface 580, the GPSsensor 590, and/or the puff sensor 595, etc. The UID informationincluded in the reduced-risk device UID tags may be read by acorresponding reader and/or sensor of a personal computing device and/orPOS terminal, such as the personal computing device 320, the POSterminal 350, respectively, etc., and/or a stand-alone reader and/orsensor. For example, if the reduced-risk device UID tag is a RFID tag581, the UID information may be read using a corresponding RFID scanner,etc. If the reduced-risk device UID tag is a barcode 586 or QR code 587,the UID information may be read using a camera, barcode scanner, etc.Additionally, the reduced-risk device UID tag may also be serial numberthat is printed or etched on the reduced-risk device, that may be readby an adult consumer and/or store employee, etc., and input into thepersonal computing device 320 or POS terminal 350, etc. According to atleast one example embodiment, the reduced-risk device UID tags may belocated on the reduced-risk device 310, elements of the reduced-riskdevice 310 (e.g., the dispersion generating article 550, the powersupply 530, etc.), and/or located on the packaging for the reduced-riskdevice 310 or the elements of the reduced-risk device, etc.

In at least one example embodiment, the memory 520 may be anon-transitory computer-readable storage medium and may include a randomaccess memory (RAM), a read only memory (ROM), and/or a permanent massstorage device such as a solid state drive, etc. Stored in the memory520 is program code (i.e., computer readable instructions) for functionsof the entire reduced-risk device 310 and/or functions related to thelocking/unlocking of the reduced-risk device and/or elements of thereduced-risk device, such as a decryption control routine 522, heatercontrol routine 523, and/or profile information 524 (e.g., reduced-riskdevice profile information, dispersion generating article profileinformation, adult consumer profile information, etc.), as well as data,such as a private key 521, biometric information captured using thebiometric sensor 596, etc. Such software elements may be loaded from anon-transitory computer-readable storage medium independent of thememory 520, via a wired communication protocol, such as Ethernet, USB,FireWire, eSATA, ExpressCard, Thunderbolt, etc., and/or wirelesscommunication protocols, such as Wi-Fi, Bluetooth, Near-FieldCommunications (NFC), Infra-Red (IR) communications, RFIDcommunications, 3G, 4G LTE, 5G, etc. Additionally, some or all of thefunctions and/or data stored on the memory 520 may be stored in anencrypted state, such as the private key 521, the profile information,etc.

In at least one example embodiment, the bus 515 may enable communicationand data transmission to be performed between elements of thereduced-risk device 310. The bus 515 may be implemented using ahigh-speed serial bus, a parallel bus, and/or any other appropriatecommunication technology.

According to at least one example embodiment, the control circuitry 510may be at least one controller, processor, processing device, fieldprogrammable gate array (FPGA), system-on-chip (SoC), and/or hardwiredcircuitry, etc., which may be configured to control one or more elementsof the reduced-risk device 310. The control circuitry 510 may alsoretrieve program code (e.g., computer readable instructions), such asthe decryption control routine 522, the heater control routine 523,and/or the profile information 524 (e.g., reduced-risk device profileinformation, dispersion generating article profile information, etc.),etc., and data from the memory 520 (e.g., a private key 521, etc.) toprocess them, thereby executing control and functions of the entirereduced-risk device 310 and/or functions related to thelocking/unlocking of the reduced-risk device and/or elements of thereduced-risk device. Once the program code are loaded into the controlcircuitry 510, the control circuitry 510 executes the special purposeprogram instructions, thereby transforming the control circuitry 510into a special purpose controller and/or processor, etc. Additionally,according to some example embodiments, the control circuitry 510 may betwo or more controllers, processor, processing device, fieldprogrammable gate array (FPGA), system-on-chip (SoC), and/or hardwiredcircuitry, etc., with a first controller dedicated to executing thecontrol and functions of the reduced-risk device, and a secondcontroller dedicated to the functions related to the locking/unlockingof the reduced-risk device and/or elements of the reduced-risk device,etc.

In at least one example embodiment, the control circuitry 510 maycontrol the network interface 580 to receive an encrypted key from thepersonal computing device 320, the POS terminal 350, etc. The controlcircuitry 510 may decrypt the received encrypted key using thedecryption control routine 522 and the private key 521, and based on theidentity verification result and the reduced-risk device UID (and/orreduced-risk device element UID) included in the encrypted key,determine whether to unlock the reduced-risk device 310 and/or unlockthe corresponding element of the reduced-risk device, such as thedispersion generating article 550, the power supply 530, the heater 540,the charging interface 560, etc. Additionally, according to some exampleembodiments, the control circuitry 510 may control the biometric sensor596 to capture biometric information (e.g., a fingerprint scan, a retinascan, a voice scan, a face scan, a heartbeat scan, etc.) of an adultconsumer and may transmit the biometric information to the personalcomputing device 320 for verifying the identity of the adult consumer,etc.

According to at least one example embodiment, the puff sensor 595 mayreceive pressurized bursts of air from a POS terminal 350 and/or an airpuffing device (e.g., air puff generator, etc.) located at a retailstore, etc. If the received pressurized bursts of air are of a desiredair pressure and/or frequency, the control circuitry 510 may determineto unlock the reduced-risk device 310 and/or elements of thereduced-risk device. Additionally, the reduced-risk device 310 mayreceive a coded sound emitted through a speaker of the POS terminal 350,etc., which is received by a microphone (not shown) of the reduced-riskdevice 310. If the received coded sound matches a desired coded sound,the control circuitry 510 may determine to unlock the reduced-riskdevice 310 and/or unlock elements of the reduced-risk device. Thepressurized bursts of air and/or the coded sounds may be encoded using adesired air pressure-based or sound-based data format known to thecontrol circuitry 510, such that the bursts of air and the sounds may betranslated into digital data by the control circuitry 510. Thetranslated digital data may correspond to the identity verificationresults and the UID of the reduced-risk device 310 and/or elements ofthe reduced-risk device that the adult consumer is attempting to unlock.

In at least one example embodiment, the control circuitry 510 mayexecute the lock control routine 523 to unlock the reduced-risk device310 and/or the individual elements of the reduced-risk device 310 basedon the results of the determination of whether to unlock thereduced-risk device 310. When the control circuitry 510 determines thatthe reduced-risk device 310 is to be unlocked, the control circuitry 510may enable the power supply 530 to transmit power to the heater 540 ofthe reduced-risk device 310. Additionally, when the control circuitry510 determines that an individual element and/or elements of thereduced-risk device 310 is to be unlocked, the control circuitry 510 mayenable the operation of those elements by manipulating electrical and/orphysical switches connected to those elements, such as the dispersiongenerating article 550, the puff sensor 595, etc. The reduced-riskdevice 310 and/or the elements of the reduced-risk device 310 may bepermanently unlocked or temporarily unlocked based on the settings ofthe reduced-risk device 310 and/or lock condition settings included inthe encrypted key.

Moreover, the control circuitry 510 may also execute the lock controlroutine 523 to lock the reduced-risk device 310 and/or the individualelements of the reduced-risk device 310 based on at least onelock/unlock condition, such as an unlock period expiring, the proximityof the reduced-risk device 310 to the personal computing device 320, theproximity of the reduced-risk device 310 to a location that theoperation of the reduced-risk device 310 is prohibited, receiving of alock signal, etc. For example, the control circuitry 510 may re-lock thereduced-risk device 310 and/or the individual elements of thereduced-risk device after the expiration of a set time period includedin the lock condition settings of the encrypted key and/or programmedinto the reduced-risk device 310. Additionally, the control circuitry510 may re-lock the reduced-risk device 310 when the reduced-risk device310 is out of a desired proximity range (e.g., a desired distance range)from the personal computing device 320. The desired proximity range maybe based on a connection range of the wireless protocol, such asBluetooth, NFC, WiFi, etc., used to wirelessly connect the networkinterface 580 of the reduced-risk device 310 with the network interface430 of the personal computing device 320, etc.

The control circuitry 510 may also re-lock the reduced-risk device 310based on location information corresponding to the current location ofthe reduced-risk device 310. For example, the reduced-risk device 310may include a location sensor, such as a GPS sensor 590, a GLONASSsensor (not shown), etc., that determines the current locationinformation of the reduced-risk device 310, or the current locationinformation may be determined based on location information of thepersonal computing device 320 when it is connected to the reduced-riskdevice 310. The control circuitry 510 may compare the locationinformation associated with the reduced-risk device 310 with locationinformation of places where the operation of the reduced-risk device 310may be prohibited and/or restricted, such as educational facilities,places of worship, public venues, medical facilities, etc., or placesinput by the adult consumer, such as the location informationcorresponding to the adult consumer's home, office, etc. The locationinformation of restricted location may be stored in the memory 520 ofthe reduced-risk device 310 and/or may be transmitted to thereduced-risk device 310 from the personal computing device 320, etc.,but is not limited thereto.

The control circuitry 510 may also re-lock the reduced-risk device 310based on the reception of a wireless lock signal emitted from a wirelessbeacon transmitter 360, such as a Bluetooth beacon transmitter, a WiFibeacon transmitter, etc. The wireless beacon transmitter 360 may beinstalled in a location that prohibits and/or restricts the operation ofreduced-risk device, such as a school, place of worship, etc., and maytransmit the wireless lock signal to reduced-risk devices within thevicinity of the restricted location. When the control circuitry 510detects that the network interface 580 has received the wireless locksignal from the wireless beacon transmitter 360, the control circuitry510 may disable the power supply from transmitting power to the heater540, etc.

While FIG. 4B depicts an example embodiment of a reduced-risk device,the reduced-risk device is not limited thereto, and may includeadditional and/or alternative architectures that may be suitable for thepurposes demonstrated. For example, the reduced-risk device may includea plurality of additional or alternative elements, such as additionalprocessing devices, interfaces, and memories.

FIG. 4C is a block diagram illustrating elements of an identityverification server according to at least one example embodiment.Description of elements in the identity verification server which arethe same as elements described in connection with FIG. 4A will bepartially or completely omitted and the same elements may be assumed tohave the same and/or similar characteristics and/or operation as theelements described in connection with FIG. 4A. Differences between thepersonal computing device and the identity verification server will bedescribed below.

According to at least one example embodiment, an identity verificationserver, such as the identity verification server 330 of FIG. 3 , mayinclude at least one processor 610, a communication bus 615, a memory620, a network interface 630, and/or an I/O interface 640, etc. Thememory 620 may include computer readable instructions (and/or softwarecode, etc.) corresponding to an operating system (OS) 621 for operatingthe identity verification server, and special purpose computer readableinstructions related to the identity verification process, such as anage/identity verification routine 622, a verification informationdatabase 623 for storing age and/or identity verification informationrelated to a plurality of adult consumers, an encryption key generator624, etc., but the example embodiments are not limited thereto.

In at least one example embodiment, the processor 610 may be at leastone processor (and/or processor cores, distributed processors, networkedprocessors, etc.), which may be configured to control one or moreelements of the identity verification server 330. The processor 610 isconfigured to execute processes by retrieving program code (e.g.,computer readable instructions) and data from the memory 620 to processthem, thereby executing control and functions of the identityverification server 330. Once the program instructions are loaded intothe processor 610, the processor 610 executes the program instructions,thereby transforming the processor 610 into a special purpose processor.For example, once the processor 610 loads the special purposeinstructions related to the age/identity verification routine 622, theverification information database 623, the encryption key generator 624,etc., the processor 610 is transformed into a special purpose processorfor executing the routines of the age/identity verification routine 622,the verification information database 623, the encryption key generator624, etc.

Additionally, according to at least one example embodiment, theprocessor 610 may execute the age/identity verification routine 622 toperform an age and/or identity verification of an adult consumer basedon information received from the personal computing device 320 and/orthe POS terminal 350, etc., using the network interface 630. Theinformation received from the personal computing device 320 and/or thePOS terminal 350 may include a request for age and/or identityverification, the UID of the reduced-risk device and/or UID of elementsof the reduced-risk device, as well as information related to theidentity of the adult consumer requesting age/identity verification(e.g., the personal UID corresponding to the adult consumer, the name ofthe adult consumer, etc.). The processor 610 may then generate ageand/or identity verification challenge questions based on the receivedidentity information of the adult consumer and verified identificationinformation stored in the verification information database 623corresponding to the received age/identity verification request, such asquestions regarding personal information of the adult consumer,questions regarding family members of the adult consumer, publicfinancial information regarding the adult consumer, business informationregarding the adult consumer, biometric information of the adultconsumer, etc., stored in the verification information database 623 andhave been previously verified as being accurate information related tothe adult consumer. The identity verification challenge questions may bequestions that the adult consumer has previously created and/orsubmitted answers for, or may be questions and answers collected by athird party and/or external identity verification service 340 based oninformation available regarding the adult consumer, such as publicrecords, financial data, information provided by the adult consumer tothe identity verification server 330, information provided to theidentity verification software application, biometric data of the adultconsumer, etc. Once the processor 610 generates the age and/or identityverification challenge questions, the processor 610 may transmit thechallenge questions to the personal computing device 320 and/or the POSterminal 350 using the network interface 630.

Alternatively, according to at least one example embodiment, theprocessor 610 may contact a third party server, such as the third partyidentity verification service 340, a third party creditreport/information service, a government database, etc., to generate theverification challenge questions for the adult consumer based oninformation corresponding to the adult consumer stored on the thirdparty server. Once the processor 610 receives the verification challengequestions from the third party server, the processor 610 may transmitthe verification challenge questions to the personal computing device320 and/or POS terminal 350, etc., using the network interface 630.

The processor 610 may receive response(s) to the identity verificationchallenge question(s) from the personal computing device 320 and/or thePOS terminal 350, etc., using the network interface 630, and theprocessor 610 may verify the responses based on the identityverification information corresponding to the adult consumer stored inthe verification information database 623 of the identity verificationserver 330. According to some example embodiments, the verificationinformation database 623 may be hosted by a third party server, such asa third party identity verification service, a third party creditreport/information service, a government database, etc., which may beaccessed in order to verify the information included in the response(s)to the identity verification challenge question(s) received from thepersonal computing device 320 and/or the POS terminal 350, etc.Additionally, once the identity of the adult consumer requesting theunlocking of the locked reduced-risk device 310 and/or locked element(s)of the reduced-risk device is confirmed, the processor 610 may alsodetermine whether the adult consumer is of legal age (e.g., meets alegal age) to purchase and/or operate the reduced-risk device 310, bychecking the stored age of the confirmed identity with the minimum legalage to purchase and/or operate a reduced-risk device and/or elements ofthe reduced-risk device (e.g., a dispersion generating article 550 forthe reduced-risk device), etc., in the appropriate jurisdiction. Forexample, geographic information related to the location of thereduced-risk device 310, the location of the personal computing device320, and/or the POS terminal 350 may be transmitted to the identityverification server 330. The geographic information may be determinedusing a GPS sensor and/or other location determining sensor/device,etc., of the reduced-risk device 310, the personal computing device 320,and/or the POS terminal 350, may be a location associated with the storeat which the reduced-risk device 310 is being purchased, may be apre-defined address associated with the adult consumer's mailingaddress, etc.

Based on the results of the verification of the responses to theidentity verification challenge question(s), the processor 610 generatesan encryption key using the encryption key generator 624. The processor610 may generate the encryption key based on the results of theverification (e.g., indicating that the information included in theresponse received from the adult consumer was successfully verifiedusing the information stored on the verification information database623, or that the information included in the response did not match theinformation stored on the verification information database 623, etc.),the UID of the reduced-risk device 310 and/or UID(s) of the element(s)of the reduced-risk device 310 that the adult consumer requests tounlock, etc. For example, the processor 610 may generate the encryptionkey based on a public key corresponding to the reduced-risk device 310and/or the element(s) of the reduced-risk device 310, the UID of thereduced-risk device and/or the element(s) of the reduced-risk device,and the results of the verification, etc., the public key being storedon the identity verification server 330, and transmit the encryption keyto the personal computing device 320 and/or the POS terminal 350.However, the example embodiments are not limited thereto, and theencryption key may be generated based on other data.

According to some example embodiments, the UID(s) of the reduced-riskdevice 310 and/or the element(s) of the reduced-risk device may be thepublic key itself, but the example embodiments are not limited thereto.Additionally, according to other example embodiments, the processor 610may omit the generation of the encryption key, and may instead transmitthe results of the verification to the personal computing device 320and/or POS terminal 350, and the personal computing device 320 and/orPOS terminal 350 may generate the encryption key in a similar manner.Moreover, according to still other example embodiments, the processor610 may transmit the generated encryption key or the results of theverification directly to the reduced-risk device 310 itself, etc.

Additionally, according to some example embodiments, the processor 610may log verification attempts in the verification information database623. For example, the processor 610 may log all verification attempts,or may log unsuccessful verification attempts, in the verificationinformation database 623. Data included in the verification attempt logsmay include the date, time, adult consumer identity used in theverification attempt, result of the verification attempt, UID of thereduced-risk device and/or element of the reduced-risk devicecorresponding to the verification attempt, IP address and/or MAC addressof the personal computing device and/or POS terminal associated with theverification attempt, location information (e.g., GPS information,latitude/longitude, street address associated with the POS terminal,etc.) associated with the personal computing device and/or POS terminalassociated with the verification attempt, store/retail employeeinformation associated with the point-of-sale of the reduced-riskdevice, etc., but the example embodiments are not limited thereto, andother information may also be logged. Further, information related tounsuccessful verification attempts may be forwarded to relevantauthorities, such as governmental agencies (e.g., law enforcement,public health officials, state regulators, etc.), school officials,employers, etc., so that possible illegal activity related to the saleor consumption of reduced-risk devices to minors, etc., may be monitoredand/or remediated. Additionally, information related to unsuccessfulverification attempts may also be forwarded to an address (e.g., mailingaddress, email address, phone number, etc.) associated with the identityof the adult consumer that the request attempted to verify, etc., sothat the authentic adult consumer may be informed of unsuccessfulattempts to use the adult consumer's identity to pass an age/identityverification for the unlocking of a reduced-risk device.

While FIG. 4C depicts an example embodiment of an identity verificationserver, the identity verification server is not limited thereto, and mayinclude additional and/or alternative architectures that may be suitablefor the purposes demonstrated. For example, the identity verificationserver 330 may include a plurality of additional or alternativeelements, such as additional processing devices, interfaces, routines,and memories, etc.

FIG. 5 is a flowchart illustrating a method for operating a reduced-riskdevice according to at least one example embodiment.

Referring to FIG. 5 , a method for operating a reduced-risk deviceaccording to at least one example embodiment is shown, however theexample embodiments are not limited thereto. In operation S510, thereduced-risk device may detect the beginning of the operation of thereduced-risk device based on, for example, negative air pressure appliedto the mouthpiece of the reduced-risk device using the puff sensor, theengagement of the power button (e.g., on/off button, etc.), a request(e.g., a wireless pairing request (e.g., Bluetooth pairing request, NFCpairing request, WiFi pairing request, etc.), an age/identityverification request, etc.) transmitted from the reduced-risk devicesoftware, etc.

In operation S520, the reduced-risk device may determine whether anage/identity lock has been engaged (e.g., a first lock, the reduced-riskdevice is in the lock state, and/or the age/identity lock flag has beenset, etc.) on the reduced-risk device based on the settings stored inthe memory of the reduced-risk device (e.g., the lock control routine523 of the memory). In response to the reduced-risk device determiningthat the age/identity lock has been engaged, the reduced-risk device mayperform an age/identity verification method according to some exampleembodiments, such as the operations starting at operation S630 of FIG. 6, but are not limited thereto. The age/identity verification method isdiscussed in further detail in FIG. 6 .

In response to the reduced-risk device determining that the age/identitylock has not been engaged, in operation S530, the reduced-risk devicemay determine whether a manual lock (e.g., a second lock, etc.) has beenengaged based on the settings stored in the memory of the reduced-riskdevice (e.g., the lock control routine 523 of the memory).

In response to the reduced-risk device determining that the manual lockhas been engaged, the reduced-risk device proceeds to operation S570. Inresponse to the reduced-risk device determining that the manual lock hasnot been engaged and/or disengaged (e.g., a second manual lockinstruction has been received from the personal computing device thatsent the first manual lock instruction that placed the reduced-riskdevice in the manual lock state), in operation S540, the reduced-riskdevice may determine whether a proximity lock (e.g., a third lock, etc.)has been engaged based on the settings stored in the memory of thereduced-risk device (e.g., the lock control routine 523 of the memory).

In response to the reduced-risk device determining that the proximitylock has not been engaged, the reduced-risk device proceeds to operationS550. In response to the reduced-risk device determining that theproximity lock has been engaged, the reduced-risk device determineswhether it is connected to the same personal computing device thatinitially set the proximity lock (e.g., the personal computing devicethat transmitted the initial proximity lock instruction, the personalcomputing device that initiated the proximity lock, etc.) based on apersonal computing device UID included in the initial proximity lockinstruction (e.g., a unique serial number associated with the personalcomputing device and/or the reduced-risk device software installed onthe personal computing device, an IP address and/or MAC addressassociated with the personal computing device, a UID associated with theadult consumer, a UID associated with the reduced-risk device softwareinstalled on the personal computing device, a connection session IDcorresponding to the communication session established between thepersonal computing device and the reduced-risk device, etc.) and storedin the memory of the reduced-risk device (e.g., stored in the lockcontrol routine 523 of the memory), and a personal computing device UIDreceived from the personal computing device that is connected to (e.g.,paired with) the reduced-risk device (e.g., received in a secondproximity lock instruction, received upon the wireless pairing of thepersonal computing device and the reduced-risk device, etc.). Inresponse to the personal computing device UIDs not matching (and/or apersonal computing device not being paired with the reduced-riskdevice), the reduced-risk device remains in the proximity lock state,the operation of the reduced-risk device remains prohibited, and thereduced-risk device proceeds to operation S470. However, in response tothe personal computing device UIDs of the initial proximity lockinstruction and the currently paired personal computing device matching,the reduced-risk device changes the state of the proximity lock to theunlocked state and proceeds to operation S550.

In operation S550, the reduced-risk device may determine whether abeacon proximity lock (e.g., a fourth lock, etc.) has been engaged basedon the settings stored in the memory of the reduced-risk device (e.g.,the lock control routine 523 of the memory). In response to thereduced-risk device determining that the beacon proximity lock has beenengaged (e.g., that a beacon proximity lock instruction has beenreceived from a wireless beacon transmitter, etc.), the reduced-riskdevice proceeds to operation S550A and starts a countdown timer of adesired length of time. When the countdown timer expires and noadditional beacon proximity lock instructions have been received fromthe wireless beacon transmitter and/or the reduced-risk device is nolonger within the range of the wireless beacon transmitter, thereduced-risk device disengages the beacon proximity lock (e.g., sets thebeacon proximity status to the unlocked state, etc.) and repeatsoperation S550. If the reduced-risk device receives another beaconproximity lock instruction while the countdown timer is running, thestate of the beacon proximity lock remains in the locked state, and thecountdown timer is reset and restarts. Additionally, if the reduced-riskdevice receives a beacon proximity lock instruction while in the beaconproximity lock is in the unlocked state, the reduced-risk deviceimmediately changes the state of the beacon proximity lock state to thelocked state, disables the operation of the reduced-risk device (if thereduced-risk device was being operated at the time), and begins thecountdown timer.

In response to the beacon proximity lock being disengaged, thereduced-risk device proceeds to operation S560. In operation S560, thereduced-risk device enables the operation of the reduced-risk device bythe adult consumer, e.g., by enabling the power supply of thereduced-risk device to supply power to the heating coil of thereduced-risk device.

Additionally, in response to the reduced-risk device determining thatone or more of the age/identity lock, manual lock, the proximity lock,and/or the beacon proximity lock has been engaged, the reduced-riskdevice performs operation S570 and may display a “Locked” status messageto the adult consumer via the user interface of the reduced-risk deviceand/or via the GUI of the reduced-risk device software on the personalcomputing device. For example, the “Locked” status message may alsoinclude a message indicating which lock(s) are engaged so that the adultconsumer may disengage the appropriate lock to enable operation of thereduced-risk device, but the example embodiments are not limitedthereto.

Additionally, the example embodiments are not limited as describedabove, and for example, the number of locks provided by the reduced-riskdevice may be a greater number or lesser number than discussed herein.Further, the example embodiments are not limited to the order ofoperations described above, and the ordering of the operations may bechanged as desired by one of ordinary skill in the art.

FIG. 6 is a flowchart illustrating a method for verifying an age and/oridentity of an adult consumer associated with a reduced-risk deviceaccording to at least one example embodiment.

Referring to FIG. 6 , a method for verifying an age and/or identity ofan adult consumer associated with a reduced-risk device according to atleast one example embodiment is shown, however the example embodimentsare not limited thereto. In operation S610, an adult consumer mayinstall a reduced-risk device software application (e.g., app, etc.) onhis or her personal computing device (e.g., smartphone, tablet, laptop,personal computer, smartwatch, VR device, AR device, etc.).Additionally, the adult consumer may create an adult consumer profileusing the reduced-risk device software and/or a website associated withthe identity verification server and/or the third-party identityverification service. The adult consumer profile may include informationsuch as, the legal name of the adult consumer, birthdate of the adultconsumer, address information of the adult consumer (e.g., streetaddress, mailing address, business address, etc.), government issuedidentification numbers associated with the adult consumer, such as aSocial Security Number of the adult consumer, driver's license number ofthe adult consumer, passport number of the adult consumer, etc., contactinformation of the adult consumer (e.g., a phone number, email address,SNS information, IM information, etc.), biometric information of theadult consumer (e.g., fingerprint of the adult consumer, voice signatureof the adult consumer, facial recognition signature of the adultconsumer, retinal signature of the adult consumer, heart beat signatureof the adult consumer, etc.), however, the example embodiments are notlimited thereto. Additionally, the adult consumer profile informationmay also include an adult consumer-created password, PIN information,etc., for securing the adult consumer profile, and/or may also includeadult consumer-created identity verification challenge questions forfuture authentication of the age/identity of the adult consumer and theadult consumer-provided answers to the adult consumer-created identityverification challenge questions. Moreover, according to some exampleembodiments, the adult consumer profile information may be stored on thepersonal computing device and/or website in encrypted form.

In operation S620, the adult consumer profile (e.g., adult consumerprofile information) stored on the personal computing device and/orwebsite may be transmitted to the identity verification server. Theidentity verification server may store the adult consumer profile in itsmemory in an encrypted form, and may associate the adult consumerprofile with publicly available identity verification informationcorresponding to the adult consumer's identity. For example, theidentity verification server may associate the adult consumer profilewith information obtained from the third-party identity verificationservice, governmental databases, credit agencies, etc., includinginformation such as, past addresses associated with the adult consumer'sidentity, past phone numbers associated with the adult consumer'sidentity, family member information associated with the adult consumer'sidentity, biographical information related to the adult consumer'sidentity (e.g., place of birth, hospital that the adult consumer wasborn, foreign countries visited, information related to the adultconsumer's spouse, partner, children, parents, other relatives, etc.),educational history information associated with the adult consumer'sidentity (e.g., schools attended by the adult consumer, graduation datesassociated with the adult consumer, awards received while attendingschool, etc.), banking/financial history of the adult consumer,employment history of the adult consumer, etc., however the exampleembodiments are not limited thereto. Additionally, the identityverification server may assign a UID associated with the adult consumerprofile.

In operation S630, the adult consumer may operate the personal computingdevice (and/or the POS terminal, etc.) to capture the UID of thereduced-risk device and/or the UID of the elements of the reduced-riskdevice, such as the dispersion generating article, etc., using thecamera and/or sensors of the personal computing device, or the POSterminal. Alternatively, the adult consumer may input the UID manuallyusing the GUI of the reduced-risk device software.

In operation S640, the adult consumer may input his or her identityinformation (e.g., name, etc.) into the reduced-risk device software,and the personal computing device or the POS terminal may transmit anidentity verification request to the identity verification server, therequest including the adult consumer identity information and the UID ofthe reduced-risk device and/or elements of the reduced-risk device thatneed to be unlocked. Additionally, other information may be included inthe identity verification request, such as location informationassociated with the personal computing or the POS terminal transmittingthe identity verification request, IP address and/or MAC address of thepersonal computing device and/or POS terminal associated with theverification request, retail store information (e.g., a store number,store location information, identity of the retail employee assistingthe adult consumer with the purchase of the reduced-risk device, etc.)associated with the POS terminal if the POS terminal transmits theidentity verification request, etc.

In operation S650, the identity verification server may receive theidentity verification request from the personal computing device or thePOS terminal, and may generate at least one identity verificationchallenge question for verifying the identity and/or the age of theadult consumer, and corresponding answer, based on the informationincluded in the identity verification request, the adult consumerprofile information stored on the identity verification server, and/orinformation received from the third-party identity verification service.For example, the identity verification server may generate identityverification challenge questions related to the adult consumer'smother's maiden name, place of birth, employment history, educationalhistory, banking/financial history, places that the individual haslived, names of relatives, etc. The identity verification challengequestions may be questions that the adult consumer has previouslycreated and/or submitted answers for that were stored in the adultconsumer profile, such as entry of a password or PIN previously createdby the adult consumer, adult consumer-created identity challengequestions, etc. Additionally, according to some example embodiments, theidentity verification server may request identity verificationquestions, and corresponding answers, be generated by the third-partyidentification service (e.g., an external identity verification service,a government identity verification service, etc.) based on publicrecords available related to the adult consumer. Further, the identityverification server may generate identity verification challengequestions requesting the adult consumer provide biometric information(e.g., fingerprints, facial scan, retina scan, voice identification,etc.) that matches previously provided biometric information of theadult consumer stored in the adult consumer profile. However, theexample embodiments are not limited thereto and the identityverification challenge questions may take other equivalent forms thatprovide accurate verification of a person's identity. Once the identityidentification challenge questions have been generated, the identityverification server may transmit the questions to the personal computingdevice or POS terminal that initially transmitted the identityverification request.

In operation S660, the personal computing device or POS terminalreceives the generated identity verification challenge questions fromthe identity verification server, and presents the questions to theadult consumer (e.g., displays the questions, audibly announces thequestions, etc.), and receives an answer to the questions from the adultconsumer. For example, the adult consumer may type their answer, speaktheir answer, provide their biometric information, etc., into thepersonal computing device or POS terminal. The personal computing deviceor POS terminal may then transmit the answer to the identityverification server.

In operation S670, the identity verification server may verify thereceived identity verification answer based on the informationcorresponding to the adult consumer previously stored in the adultconsumer profile and/or provided by the third party identityverification service, etc., and determine whether the received identityverification answer matches the answer to the identity verificationquestion generated by the identity verification server (and/or stored onthe identity verification server). Additionally, assuming the identityverification attempt was successful, the identity verification servermay also determine the age of the adult consumer based on theinformation stored in the adult consumer profile, and determine whetherthe adult consumer is legally allowed to purchase, possess, and/oroperate the reduced-risk device and/or elements of the reduced-riskdevice based on the location information included with the identityverification request, the address information associated with the adultconsumer in the adult consumer profile, the retail store locationinformation, etc., and the relevant laws of the jurisdictioncorresponding to the location information. In the event that the adultconsumer successfully verified his or her identity based on the identitychallenge questions and the age associated with the adult consumer isdetermined to satisfy all legal requirements related to the reduced-riskdevice, the identity verification server determines that the identityand/or age verification request was successful. However, in the eventthat the adult consumer successfully verified his or her identity basedon the identity challenge questions, but the age requirement is notdetermined to be successful, and/or the adult consumer failed tosuccessfully verify his or her identity, then the identity verificationserver determines that the identity and/or age verification request wasunsuccessful/failed.

In operation S680, the identity verification server transmits theresults of the identity and/or age verification to the personalcomputing device or the POS terminal. According to some exampleembodiments, the identity verification server may generate an encryptedkey for unlocking the reduced-risk device and/or elements of thereduced-risk device based on the verification result and a public keystored on the identity verification server (such as a public keyassociated with the reduced-risk device, a public key associated withthe adult consumer, and/or other public key, etc.), the UID of thereduced-risk device, and/or the personal UID of the adult consumer,etc., however the example embodiments are not limited thereto, and theencrypted key may also be generated based on other information as well.For example, the public key may be the UID of the reduced-risk device310, etc. The identity verification server may then transmit theencrypted key to the personal computing device or the POS terminal inlieu of transmitting the verification results.

Additionally, according to some example embodiments, the identityverification server may log the verification attempts in a database,such as the verification information database 623. For example, theidentity verification server may log all verification attempts, or maylog only unsuccessful verification attempts. Data included in theverification attempt logs may include the date, time, adult consumeridentity used in the verification attempt, result of the verificationattempt, UID of the reduced-risk device and/or element of thereduced-risk device corresponding to the verification attempt, IPaddress and/or MAC address of the personal computing device and/or POSterminal associated with the identity verification request, locationinformation (e.g., GPS information, latitude/longitude, street addressassociated with the POS terminal, etc.) associated with the personalcomputing device and/or POS terminal associated with the verificationattempt, store/retail employee information associated with thepoint-of-sale of the reduced-risk device, etc., but the exampleembodiments are not limited thereto, and other information may also belogged. Further, if the number of unsuccessful verification attemptsexceeds a desired threshold number (e.g., the desired threshold numbermay be any number greater than or equal to one), information related tounsuccessful verification attempts may be forwarded to relevantauthorities, such as governmental agencies (e.g., law enforcement,public health officials, state regulators, etc.), school officials,employers, etc., so that possible illegal activity related to the saleor consumption of reduced-risk devices to minors, etc., may be monitoredand/or remediated. Additionally, information related to unsuccessfulverification attempts may also be forwarded to an address (e.g., mailingaddress, email address, phone number, etc.) associated with the identityof the adult consumer that the request attempted to verify, etc., sothat the authentic adult consumer may be informed of unsuccessfulattempts to use the adult consumer's identity to pass an age/identityverification for the unlocking of a reduced-risk device. Moreover, ifthe number of unsuccessful verification attempts exceeds the desiredthreshold number, then the adult consumer may be permanently blockedfrom being able to use the identity verification service (e.g.,subsequent attempts to use the adult consumer's identity with theidentity verification service may automatically be rejected by theidentity verification server), and/or the identity verification servermay transmit a permanent lock instruction to the reduced-risk devicesoftware installed on the personal computing device and/or to thereduced-risk device itself.

FIG. 7 is a flowchart illustrating a method for unlocking a lockedreduced-risk device based on results of an age and/or identityverification request according to at least one example embodiment.

In operation S710, the personal computing device (or POS terminal) thatinitiated the age and/or identity verification request receives theresults of the identity verification performed by the identityverification server from the identity verification server. In operationS720, the personal computing device (or POS terminal) may generate anencrypted key for unlocking the locked reduced-risk device (and/or thelocked elements of the reduced-risk device) based on the verificationresults. For example, the encrypted key based on a public key stored onthe personal computing device (such as a public key associated with thereduced-risk device, a public key associated with the adult consumer,and/or other public key, etc.), the UID of the reduced-risk device, thepersonal UID of the adult consumer, and/or the verification result,etc., however the example embodiments are not limited thereto and theencrypted key may also be generated based on other information as well.Alternatively, according to some example embodiments, the personalcomputing device (or the POS terminal) may receive identity verificationresults from the identity verification server which may include anencrypted key that was generated by the identity verification server.

Additionally, the personal computing device may transmit the encryptedkey to the reduced-risk device.

Alternatively, according to some example embodiments, the POS terminalmay transmit the encrypted key to the reduced-risk device over awireless and/or wired communication channel, if the reduced-risk devicehas been removed from its packaging. Additionally, the POS terminal mayunlock the reduced-risk device by emitting pressurized bursts of air ofa desired air pressure and/or frequency to the puff sensor of thereduced-risk device which corresponding to the encrypted key. Further,the POS terminal may emit a coded sound corresponding to the encryptedkey through a speaker, which is received by a microphone of thereduced-risk device.

In operation S730, the reduced-risk device may decrypt the encrypted keyusing a private key stored on the memory of the reduced-risk device. Thereduced-risk device may decrypt the encrypted key using a private keycorresponding to the public key used to encrypt the encrypted key. Forexample, the private key may be a key stored on the reduced-risk devicethat corresponds to the UID of the reduced-risk device, etc.Additionally, in the event that the reduced-risk device is unable todecrypt the encrypted key using the private key, such as in the eventthat an attempt at circumventing the identity verification is performedusing an encrypted key copied from a previous successful identityverification attempt, etc., the reduced-risk device may log theunsuccessful decryption attempt and/or transmit the results of theunsuccessful decryption attempt to the personal computing device (or POSterminal) and/or the identity verification server for further logging.

In operation S740, the reduced-risk device may determine whether theadult consumer was properly verified and/or is legally permitted tooperate the locked reduced-risk device and/or the locked elements of thereduced-risk device, based on the verification results included in thedecrypted key. If the verification results indicate the adult consumeris properly verified, the reduced-risk device may unlock thereduced-risk device and/or the locked element(s) of the reduced-riskdevice (e.g., enable the operation of the reduced-risk device, thedispersion generating article, the power supply, etc., of thereduced-risk device). The locked reduced-risk device and/or the lockedelement(s) of the reduced-risk device may be unlocked for anindeterminate period of time (e.g., permanently unlocked), may beunlocked for a desired period of time (e.g., temporarily unlocked for 15minutes, 30 minutes, etc.), and/or may be unlocked while a desiredunlock condition is satisfied.

In operation S750, in response to the reduced-risk device being changedto the operable state, the control circuitry of the reduced-risk deviceenables operation of the reduced-risk device, such as enabling currentto flow from the reduced-risk device's battery to the heating element ofthe reduced-risk device, enabling the operation of a dispersiongenerating article, etc., and/or other operations.

According to one or more of the example embodiments, an identityverification system, apparatus, method, and/or non-transitory computerreadable medium is provided that improves the process of verifying theage of a purchaser of a tobacco-related, nicotine-related, and/ornon-nicotine related products at a time of sale, such as nicotine and/ornon-nicotine versions of reduced-risk or reduced-harm devices, e.g.,heat-not-burn aerosol generating devices, non-heated inhalable aerosolgenerating devices, and/or e-vaping devices, etc. Additionally, one ormore of the example embodiments provide identity verification servicesat the time that an individual attempts to operate a reduced-risk device(and/or reduced-harm device), and does not permit operation of thereduced-risk device if the individual's age and/or identity is notverified. Further, one or more of the example embodiments allow an adultconsumer to manually lock a reduced-risk device to reduce and/oreliminate the possibility that an unauthorized person operates thereduced-risk device. Also, one or more of the example embodiments enablean adult consumer to locate a reduced-risk device that has been lostbased on the location that the reduced-risk device was last operated,which also reduces and/or eliminates the possibility that anunauthorized person operates the reduced-risk device.

It should be understood that when an element or layer is referred to asbeing “on,” “connected to,” “coupled to,” or “covering” another elementor layer, it may be directly on, connected to, coupled to, or coveringthe other element or layer or intervening elements or layers may bepresent. In contrast, when an element is referred to as being “directlyon,” “directly connected to,” or “directly coupled to” another elementor layer, there are no intervening elements or layers present. Likenumbers refer to like elements throughout the specification. As usedherein, the term “and/or” includes any and all combinations of one ormore of the associated listed items.

It should be understood that, although the terms first, second, third,or the like, may be used herein to describe various elements, modules,regions, layers and/or sections, these elements, modules, regions,layers, and/or sections should not be limited by these terms. Theseterms are only used to distinguish one element, module, region, layer,or section from another region, layer, or section. Thus, a firstelement, module, region, layer, or section discussed below could betermed a second element, module, region, layer, or section withoutdeparting from the teachings of example embodiments.

Spatially relative terms (e.g., “beneath,” “below,” “lower,” “above,”“upper,” and the like) may be used herein for ease of description todescribe one element or feature's relationship to another element(s) orfeature(s) as illustrated in the figures. It should be understood thatthe spatially relative terms are intended to encompass differentorientations of the device in use or operation in addition to theorientation depicted in the figures. For example, if the device in thefigures is turned over, elements described as “below” or “beneath” otherelements or features would then be oriented “above” the other elementsor features. Thus, the term “below” may encompass both an orientation ofabove and below. The device may be otherwise oriented (rotated 90degrees or at other orientations) and the spatially relative descriptorsused herein interpreted accordingly.

The terminology used herein is for the purpose of describing variousexample embodiments only and is not intended to be limiting of exampleembodiments. As used herein, the singular forms “a,” “an,” and “the” areintended to include the plural forms as well, unless the context clearlyindicates otherwise. It will be further understood that the terms“includes,” “including,” “comprises,” and/or “comprising,” when used inthis specification, specify the presence of stated features, integers,steps, operations, elements, and/or modules, but do not preclude thepresence or addition of one or more other features, integers, steps,operations, elements, modules, and/or groups thereof.

Example embodiments are described herein with reference tocross-sectional illustrations that are schematic illustrations ofidealized embodiments (and intermediate structures) of exampleembodiments. As such, variations from the shapes of the illustrations asa result, for example, of manufacturing techniques and/or tolerances,are to be expected. Thus, example embodiments should not be construed aslimited to the shapes of regions illustrated herein but are to includedeviations in shapes that result, for example, from manufacturing.

Unless otherwise defined, all terms (including technical and scientificterms) used herein have the same meaning as commonly understood by oneof ordinary skill in the art to which example embodiments belong. Itwill be further understood that terms, including those defined incommonly used dictionaries, should be interpreted as having a meaningthat is consistent with their meaning in the context of the relevant artand will not be interpreted in an idealized or overly formal senseunless expressly so defined herein.

Example embodiments have been disclosed herein, it should be understoodthat other variations may be possible. Such variations are not to beregarded as a departure from the spirit and scope of the presentdisclosure, and all such modifications as would be obvious to oneskilled in the art are intended to be included within the scope of thefollowing claims.

What is claimed is:
 1. A computing device for verifying an age andidentity of an adult consumer, the computing device comprising: a memoryhaving computer readable instructions stored thereon; and at least oneprocessor configured to execute the computer readable instructions to,receive adult consumer identity information corresponding to the adultconsumer from the adult consumer, receive a unique ID (UID) of areduced-risk device (RRD), the UID of the RRD being a public keycorresponding to the RRD, transmit the adult consumer identityinformation to an identity verification server to perform age andidentity verification of the adult consumer, the transmitting causingthe identity verification server to verify an age and identity of theadult consumer based on the adult consumer identity information, receiveresults of the performed age and identity verification from the identityverification server, generate an encrypted key corresponding to the RRDbased on the results of the performed age and identity verification ofthe adult consumer and the UID of the RRD, and transmit the encryptedkey to the RRD, the encrypted key causing the RRD to decrypt theencrypted key using a private key stored in a memory of the RRD, theprivate key corresponding to the public key, and change an operatingstate of the RRD to an operable state based on the decrypted key.
 2. Thecomputing device of claim 1, wherein the computing device is at leastone of a smartphone, a tablet, a laptop, a personal computer, apoint-of-sale (POS) terminal, an air puff generator device, or anycombinations thereof.
 3. The computing device of claim 1, wherein theadult consumer identity information includes at least a name of theadult consumer, a birth date of the adult consumer, and a mailingaddress of the adult consumer; and the at least one processor is furtherconfigured to, transmit the name of the adult consumer, the birth dateof the adult consumer, and the mailing address of the adult consumer tothe identity verification server via an encrypted communication channel,and receive the results of the performed age and the identityverification of the adult consumer via the encrypted communicationchannel.
 4. The computing device of claim 1, wherein the UID of the RRDis embodied in at least one of a barcode, a QR code, a NFC tag, aBluetooth tag, a RFID tag, a magnetic tag, a printed serial number, or acombination thereof.
 5. The computing device of claim 1, wherein the atleast one processor is further configured to: receive a unique ID (UID)of a dispersion generating article for the RRD, the dispersiongenerating article configured to contain a pre-dispersion formulation;generate a second encrypted key corresponding to the dispersiongenerating article based on the results of the performed age andidentity verification of the adult consumer and the UID of thedispersion generating article; and transmit the second encrypted keycorresponding to the dispersion generating article to the RRD, whereinthe second encrypted key causes the RRD to operate the dispersiongenerating article.
 6. A reduced-risk device (RRD) for use with an ageand identity verification service, an operating state of the RRDinitially being in an inoperable state, the RRD comprising: at least onetransceiver configured to communicate with at least one computingdevice; a memory configured to store a private key corresponding to theRRD; and control circuitry configured to, receive an encrypted keycorresponding to the RRD from a computing device associated with anadult consumer, the encrypted key generated based on a unique ID (UID)corresponding to the RRD and results of an age and identity verificationperformed on the adult consumer by an identity verification server, theUID of the RRD being a public key corresponding to the private key,decrypt the encrypted key using the private key, determine whether theage and the identity of the adult consumer was successfully verifiedbased on the decrypted key, and change the operating state of the RRDfrom the inoperable state to an operable state based on results of thedetermining whether the age and the identity of the adult consumer wassuccessfully verified.
 7. The RRD of claim 6, wherein the UID of the RRDis embodied in at least one of a barcode, a QR code, a NFC tag, aBluetooth tag, a RFID tag, a magnetic tag, a printed serial number, orany combinations thereof; and the control circuitry is furtherconfigured to change the operating state of the RRD to the operablestate in response to the results of the determination indicating theadult consumer meets a legal age requirement for operating the RRD. 8.The RRD of claim 6, wherein the control circuitry is further configuredto: block current from flowing from a power supply included in the RRDto a heater included in the RRD in response to the operating state ofthe RRD being in the inoperable state; and allow current to flow fromthe power supply to the heater in response to the operating state of theRRD being in the operable state.
 9. The RRD of claim 6, wherein inresponse to the operating state of the RRD being in the operable state,the control circuitry is further configured to: determine whether theRRD is within a desired distance range of the computing device based onsignals received by the transceiver from the computing device; andchange the operating state of the RRD to the inoperable state based onresults of the determining whether the RRD is within the desireddistance range of the computing device.
 10. The RRD of claim 6, whereinin response to the operating state of the RRD being in the operablestate, the control circuitry is further configured to: calculate alength of time that the RRD has been in the operable state; and changethe operating state of the RRD to the inoperable state in response tothe length of time exceeding a desired threshold operation time.
 11. TheRRD of claim 6, wherein the control circuitry is further configured to:change the operating state of the RRD to the inoperable state inresponse to a wireless shutoff signal received by the at least onetransceiver.
 12. An age identity verification system comprising: areduced-risk device (RRD) including a unique ID (UID) of the RRD, amemory configured to store a private key, and at least one transceiver,wherein an operating state of the RRD is initially in an inoperablestate; an identity verification server configured to perform age andidentity verification related to an adult consumer; and a computingdevice configured to, receive adult consumer identity informationcorresponding to the adult consumer from the adult consumer, receive theUID of the RRD, the UID of the RRD being a public key corresponding tothe RRD, transmit the adult consumer identity information and the UID ofthe RRD to the identity verification server to perform age and identityverification of the adult consumer, receive results of the performed ageand identity verification from the identity verification server, receivean encrypted key corresponding to the RRD based on the results of theperformed age and identity verification of the adult consumer, theencrypted key generated based on the UID of the RRD, the UID of the RREbeing a public key corresponding to the RRD, and transmit the encryptedkey to the RRD; and the RRD is further configured to decrypt theencrypted key using the stored private key, the private keycorresponding to the public key, and change the operating state of theRRD to an operable state based on the decrypted key.
 13. The system ofclaim 12, wherein the adult consumer identity information includes atleast a birth date of the adult consumer; and the identity verificationserver is further configured to, receive the adult consumer identityinformation from the computing device via an encrypted communicationchannel, perform the age and the identity verification of the adultconsumer by verifying the age and the identity of the adult consumerbased on the adult consumer identity information, and transmit theresults of the age and identity verification of the adult consumer tothe computing device via the encrypted communication channel.
 14. Thesystem of claim 12, wherein the RRD is further configured to, determinewhether the identity of the adult consumer was successfully verifiedbased on the decrypted key, and change the operating state of the RRD tothe operable state based on results of the determination.
 15. The systemof claim 14, wherein the RRD is further configured to change theoperating state of the RRD to the operable state in response to theresults of the determination indicating the adult consumer meets a legalage requirement for operating the RRD.
 16. The system of claim 12,wherein the RRD includes control circuitry, a heater, and a powersupply; and the control circuitry is configured to, block current fromflowing from the power supply to the heater in response to the operatingstate of the RRD being in the inoperable state, and allow current toflow from the power supply to the heater in response to the operatingstate of the RRD being in the operable state.
 17. The system of claim12, wherein in response to the operating state of the RRD being in theoperable state, the RRD is further configured to: determine whether theRRD is within a desired distance range of the computing device based onsignals received by the transceiver; and change the operating state ofthe RRD to the inoperable state based on results of the determiningwhether the RRD is within the desired distance range of the computingdevice.
 18. The system of claim 12, wherein in response to the operatingstate of the RRD being in the operable state, the RRD is furtherconfigured to: calculate a length of time that the RRD has been in theoperable state; and change the operating state of the RRD to theinoperable state in response to the length of time exceeding a desiredthreshold operation time.
 19. The system of claim 12, wherein the RRD isfurther configured to: receive a wireless shutoff signal; and change theoperating state of the RRD to the inoperable state in response to thereceived wireless shutoff signal.
 20. The system of claim 12, whereinthe UID of the RRD is embodied in at least one of a barcode, a QR code,a NFC tag, a Bluetooth tag, a RFID tag, a magnetic tag, a printed serialnumber, or any combinations thereof.